I am using ECDSA to create and verify a signature for a document.
I apparently cannot use the ecdsa.PEM directory and so here is my question.
Below I have abstraction code for my question. The keys created are with the
openssl
commands shown below.
openssl ecparam -out *ecdsa.pem *-name secp224r1 -genkey
openssl req -newkey ec:ecdsa.pem -x509 -nodes -days 731 -keyout
*ecdsapriv.pem* -out *ecdsapublic.x509*
The artifacts generated by these commands are
* ecdsa.pem
ecdsapriv.pem
ecdsapublic.x509*
I then create an ECDSA using the ecdsapriv.pem
m= getdata("*mydocument*",&len); //orignal document
result=sha256((char *)m,len);
fp =fopen("*ecdsapriv.pem*", "rb"); */*marked*/*
pevpkey= PEM_read_PrivateKey(fp, &pevpkey, NULL, NULL);
peckey= EVP_PKEY_get1_EC_KEY(pevpkey);
EC_KEY_set_group(peckey,EC_GROUP_new_by_curve_name( NID_secp224r1) );
unsigned int siglen = ECDSA_size(peckey);
printf("Max signature length is %d \n",siglen);
siglen = ECDSA_size(peckey);
unsigned char *ptr = OPENSSL_malloc(siglen);
unsigned char *save= ptr;
ECDSA_SIG *sig;
ret= ECDSA_sign(0 ,result, SHA256_DIGEST_LENGTH, ptr, &siglen, peckey);
outfp = fopen("*mysignatureEC*","wb");
fwrite(save, 1, siglen, outfp);
fclose(fp);
**************then I verify it reading the X509*
m= getdata("*mydocument*",&len); //get original document data
result=sha256((char *)m,len);
sig= getdata("*mysignatureEC*",&siglen); //get signature file data
fp =fopen("ecdsapublic.x509", "rb"); //open x509 and get public key
x509 = PEM_read_X509(fp,&x509, NULL, NULL);
evpkey = X509_get_pubkey(x509);
pubeckey = EVP_PKEY_get1_EC_KEY(evpkey);
ret = ECDSA_verify(0, result,SHA256_DIGEST_LENGTH, sig, siglen,
pubeckey);
if (ret == -1){
printf("signature error in verify\n");
}
else if (ret == 0){
printf(" incorrect signature \n");
}
else /* ret == 1 */{
printf("signature ok \n");
}
*
AND ALL WORKS WELL but *why can't I use the *ecdsa.pem* directly instead I
had to use the ecdsapriv.pem?
if I switched the filename
fp =fopen("ecdsapriv.pem", "rb"); * /*marked*/*
to this
fp =fopen("ecdsa.pem", "rb"); * /*marked*/*
The verify will not work. You would think the name of this function
PEM_read_PrivateKey(**)
means it reads a PEM that might have the public and private key and gets
the private but apparently not?
*So let me know anything different*
unsigned char *sha256(char *data, int length)
{
static unsigned char hash[SHA256_DIGEST_LENGTH];
printf("******SHA2 digest follows length=%d:\n",length);
SHA256_CTX sha256;
SHA256_Init(&sha256);
SHA256_Update(&sha256, data, length);
SHA256_Final(hash, &sha256);
// for curiosity
// int i = 0;
// for(i = 0; i < SHA256_DIGEST_LENGTH; i++)
// printf("%02x", hash[i]);
// printf("\n");
return hash;
}
--
View this message in context:
http://openssl.6102.n7.nabble.com/PEM-read-PrivateKey-using-ECDSA-PEMS-tp43438.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
