Re: ECDSA public key token to/from binary
> Thanks for the response. Are X and Y the public key?

The tuple (X,Y), yep. But not in any kind of standard, portable
form--just in OpenSSL BIGNUM structures.

> I tried this and it seems to work. Error checking omitted for
> easier reading. Comments?

That looks sane to me.

Billy
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: ECDSA public key token to/from binary
owner-openssl-us...@openssl.org wrote on 07/18/2011 09:49:33 AM:

> From: Billy Brumley
> To: openssl-users@openssl.org
> Date: 07/18/2011 10:00 AM
> Subject: Re: ECDSA public key token to/from binary
> Sent by: owner-openssl-us...@openssl.org
>
> Dear Ken,
>
> One way to accomplish this is something along the lines of
>
> EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
>
> where EC_KEY is the key structure, returning the point as an EC_POINT
> structure, followed by
>
> int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const
> EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *);
>
> where EC_GROUP is setup for P-521 (have a look at
> EC_GROUP_new_by_curve_name), EC_POINT is the public key from the
> previous call; it dumps the coordinates to x and y, where you can use
> BN_bn2bin or whatever you like. You'd reverse it with

Thanks for the response. Are X and Y the public key?

I tried this and it seems to work. Error checking omitted for easier
reading. Comments?

Getting the public key:

    group = EC_KEY_get0_group(eckey);
    ec_point = EC_KEY_get0_public_key(eckey);
    *publicKeyLength = EC_POINT_point2oct(group, ec_point,
                                          POINT_CONVERSION_UNCOMPRESSED,
                                          *publicKey, *publicKeyLength,
                                          NULL);

Setting the public key:

    *ecPubKey = EC_KEY_new();
    group = EC_GROUP_new_by_curve_name(nid);
    ec_point = EC_POINT_new(group);
    EC_KEY_set_group(*ecPubKey, group);
    EC_POINT_oct2point(group, ec_point, publicKey, publicKeyLength, NULL);
    EC_KEY_set_public_key(*ecPubKey, ec_point);

> int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
> const BIGNUM *x, const BIGNUM *y, BN_CTX *);
>
> followed by
>
> int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
>
> While this is the manual way to do it that you've asked for, there are
> a few caveats that can affect security so if possible I'd consider
> standard (ANSI? P1363?) methods like EC_POINT_point2bn and so on.
> Those also easily allow point compression if that's needed. In
> general, poke around in include/openssl/ec.h and there is lots of
> useful functionality, although not as much documentation.

I've been doing that poking.
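
Added example, not part of the thread and not OpenSSL code: a structural pre-check a verifier can run on the embedded 133-byte blob (the P-521 output of EC_POINT_point2oct() with POINT_CONVERSION_UNCOMPRESSED) before handing it to EC_POINT_oct2point(). The names check_p521_pubkey and pk_status are hypothetical; the check covers encoding form, length and coordinate range only and leaves the on-curve test to the library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define P521_FIELD_LEN 66                                /* ceil(521 / 8) bytes */
#define P521_UNCOMPRESSED_LEN (1 + 2 * P521_FIELD_LEN)   /* 133 bytes */
enum pk_status { PK_OK, PK_BAD_LENGTH, PK_INFINITY, PK_COMPRESSED,
                 PK_HYBRID, PK_BAD_PREFIX, PK_COORD_RANGE };

/* 1 if the 66-byte big-endian coordinate is < p = 2^521 - 1 (0x01, then 65 x 0xFF). */
static int coord_in_range(const uint8_t *c)
{
    size_t i;
    if (c[0] != 0x01) return c[0] == 0x00;   /* 0x00: below 2^520; >0x01: above p */
    for (i = 1; i < P521_FIELD_LEN; i++)
        if (c[i] != 0xFF) return 1;
    return 0;                                /* equals p: not a reduced element */
}

/* Accept only 0x04 || X || Y; on PK_OK, *x and *y (non-NULL) point into buf. */
enum pk_status check_p521_pubkey(const uint8_t *buf, size_t len,
                                 const uint8_t **x, const uint8_t **y)
{
    if (buf == NULL || len == 0) return PK_BAD_LENGTH;
    switch (buf[0]) {                        /* leading byte names the point form */
    case 0x00: return len == 1 ? PK_INFINITY : PK_BAD_LENGTH;
    case 0x02: case 0x03:
        return len == 1 + P521_FIELD_LEN ? PK_COMPRESSED : PK_BAD_LENGTH;
    case 0x06: case 0x07:
        return len == P521_UNCOMPRESSED_LEN ? PK_HYBRID : PK_BAD_LENGTH;
    case 0x04: break;
    default:   return PK_BAD_PREFIX;
    }
    if (len != P521_UNCOMPRESSED_LEN) return PK_BAD_LENGTH;
    if (!coord_in_range(buf + 1) || !coord_in_range(buf + 1 + P521_FIELD_LEN))
        return PK_COORD_RANGE;
    *x = buf + 1;
    *y = buf + 1 + P521_FIELD_LEN;
    return PK_OK;
}

int main(void)
{
    uint8_t blob[P521_UNCOMPRESSED_LEN];     /* constructed sample, not a real key */
    const uint8_t *x, *y;
    memset(blob, 0x5A, sizeof blob);
    blob[0] = 0x04; blob[1] = 0x01; blob[1 + P521_FIELD_LEN] = 0x00;
    return check_p521_pubkey(blob, sizeof blob, &x, &y) == PK_OK ? 0 : 1;
}
```

A verifier that was provisioned with an uncompressed key can treat every status other than PK_OK as a rejected blob, including the compressed and hybrid forms.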
Re: ECDSA public key token to/from binary
On Fri, Jul 15, 2011, Kenneth Goldman wrote:

> I have to extract a binary (unsigned char *) representation of a public
> key from an ECDSA openssl key structure. Later, I want to use that binary
> to reconstruct an openssl public key structure that I can use to verify a
> signature. The curve is fixed - P521.
>
> I don't need any certificates, just a public key that I can embed in the
> verifier.
>
> Can someone point me toward sample code? Or, can someone give me some
> hints?
>

One way that works with all key types is to encode as a
SubjectPublicKeyInfo structure (as used by certificates). The functions
i2d_EC_PUBKEY() and d2i_EC_PUBKEY() will do the trick for EC keys.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: ECDSA public key token to/from binary
Dear Ken,

One way to accomplish this is something along the lines of

EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);

where EC_KEY is the key structure, returning the point as an EC_POINT
structure, followed by

int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const
EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *);

where EC_GROUP is setup for P-521 (have a look at
EC_GROUP_new_by_curve_name), EC_POINT is the public key from the
previous call; it dumps the coordinates to x and y, where you can use
BN_bn2bin or whatever you like. You'd reverse it with

int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, BN_CTX *);

followed by

int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);

While this is the manual way to do it that you've asked for, there are
a few caveats that can affect security so if possible I'd consider
standard (ANSI? P1363?) methods like EC_POINT_point2bn and so on.
Those also easily allow point compression if that's needed. In
general, poke around in include/openssl/ec.h and there is lots of
useful functionality, although not as much documentation.

Sincerely,

Billy

On Fri, Jul 15, 2011 at 10:54 AM, Kenneth Goldman wrote:
> I have to extract a binary (unsigned char *) representation of a public key
> from an ECDSA openssl key structure. Later, I want to use that binary to
> reconstruct an openssl public key structure that I can use to verify a
> signature. The curve is fixed - P521.
>
> I don't need any certificates, just a public key that I can embed in the
> verifier.
>
> Can someone point me toward sample code? Or, can someone give me some
> hints?
>
> --
> Ken Goldman kg...@watson.ibm.com
> 914-784-7646 (863-7646)
>