From: owner-openssl-us...@openssl.org On Behalf Of redpath
Sent: Friday, 01 February, 2013 14:55
I am using ECDSA to create and verify a signature for a document.
I apparently cannot use the ecdsa.PEM directory and so here
is my question.
Nit: ecdsa.pem is a file, containing (parameters and) a key,
not a directory.
Below I have abstraction code for my question. The keys
created are with the
openssl
commands shown below.
openssl ecparam -out *ecdsa.pem *-name secp224r1 -genkey
openssl req -newkey ec:ecdsa.pem -x509 -nodes -days 731 -keyout
*ecdsapriv.pem* -out *ecdsapublic.x509*
The artifacts generated by these commands are
* ecdsa.pem
ecdsapriv.pem
ecdsapublic.x509*
I then create an ECDSA using the ecdsapriv.pem
m= getdata(*mydocument*,len); //orignal document
result=sha256((char *)m,len);
fp =fopen(*ecdsapriv.pem*, rb); */*marked*/*
pevpkey= PEM_read_PrivateKey(fp, pevpkey, NULL, NULL);
peckey= EVP_PKEY_get1_EC_KEY(pevpkey);
EC_KEY_set_group(peckey,EC_GROUP_new_by_curve_name(
NID_secp224r1) );
This isn't needed, an ECC key read from a PEM file already has
the correct group. In fact if the key in the file is for a
different (wrong?) group this will screw it up totally.
unsigned int siglen = ECDSA_size(peckey);
printf(Max signature length is %d \n,siglen);
siglen = ECDSA_size(peckey);
unsigned char *ptr = OPENSSL_malloc(siglen);
unsigned char *save= ptr;
ECDSA_SIG *sig;
ret= ECDSA_sign(0 ,result, SHA256_DIGEST_LENGTH, ptr,
siglen, peckey);
You don't need to set siglen twice, you don't need two pointers
here, and you don't use sig at all. In real code you should
check (at least) file opens and mallocs for null before using
them, but for posting I'll ignore that.
outfp = fopen(*mysignatureEC*,wb);
fwrite(save, 1, siglen, outfp);
fclose(fp);
**then I verify it reading the X509* snip
AND ALL WORKS WELL but *why can't I use the *ecdsa.pem*
directly instead I had to use the ecdsapriv.pem?
Your ecparam command generated a key(pair) in ecdsa.pem.
Your req -newkey -x509 command generated a *different* key(pair)
in ecdsapriv.pem and a cert for *that* key in ecdsapublic.x509.
The cert matches the key in ecdsapriv.pem and can verify signatures
using that key. The cert does not match the key in ecdsa.pem which
is a different key and cannot verify signatures using that key.
You would think the name of this function PEM_read_PrivateKey(**)
means it reads a PEM that might have the public and private
key and gets the private but apparently not?
Yes it does read the privatekey representation, which for OpenSSL
always includes the publickey value(s), from the file you specify.
(For DSA and ECC/ECDSA the standard privatekey structure includes
the public value. For RSA a naive privatekey does not include the
public exponent, but OpenSSL uses the CRT form which does.)
If you have two files containing different keys, reading those
files gives you different keys.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
