RE: Need help in loading private key for ECDSA

2012-12-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 21:48

> Yes I used [KDF1_SHA1 for ECDH_compute_key] from ec/ecdhtest.c.
> If you see the ECDH_compute_key, in the last argument it needs some hash
> function to sign the shared secret.

The last argument can be null and usually should be null.
If nonnull it is used for key derivation, NOT signing of any kind.

> And here I need a 256-bit secret key; that will be a point on the curve?
> That's why I tried to use sha256 here, because sha1 is 20 bytes.
 
The ECDH agreement is technically a point, but by convention 
only the x coordinate is used, because y adds no entropy.

The x coordinate is the size of the group/curve (or rarely less). 
You can 'expand' it using a hash like SHA256 or SHA512, but you 
get no benefit from doing so as long as you're using the result 
in a decent symmetric cipher. You might as well just pad it with 
zeros (or ones or anything else deterministic you like).

> Also for this function ECDH_compute_key I did not find much detail.
> Do you know how I can get the x,y coordinates from a public point, I mean which
> API to use?
 
You can get coordinates from any point, depending on the type of 
group/curve used; see EC_compute_key for an example. But separate 
coordinates of a public point are unhelpful; you need the whole 
point to do the ECDH computation. Technically you can reconstruct 
the point from x (or x and y), but if you already have the point 
(and you should) doing so is just a waste of effort.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


RE: Need help in loading private key for ECDSA

2012-12-17 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 01:58

> It's generating 64 bytes when I print with ECDSA_size(eckey)
> But I need a 56-byte signature. [for secp224r1]
 
ECDSA_size is the *maximum* length of the encoded signature, 
see the man page. An actual encoded signature may be less, 
see my earlier reply; you are supposed to use ECDSA_size 
to allocate the buffer, but the length stored by ECDSA_sign 
or similar for actual length.

But the ASN.1 encoding from ECDSA_sign, or i2d_ECDSA_SIG, is 
(a little) more than just the two numbers r and s. If you want 
an encoding that only has the two numbers either:
1. get the ASN.1 encoding, pick out the numbers (in ASN.1 signed 
but positive bigendian form), and do your other encoding
2. use ECDSA_do_sign or similar to get the ECDSA_SIG structure, and 
do your own encoding from that (by encoding the two bignums)

Referring to my previous reply, if you use the more convenient 
high-level EVP_ interface you may need approach 1; I don't see an 
option to change the encoding used there (but I may have missed it).




RE: Need help in loading private key for ECDSA

2012-12-17 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 02:48

> Yes, I am talking about the signature.
> The ECDSA_SIG output structure will have r and s components 
> of 28 bytes each. [for 224-bit curve]
> So if I merge both r and s I will get 56 bytes, right?
> These will not have any padding information?
 
The struct points to two bignums, which use an internal 
format; openssl can put what it likes in there.
If you get the (near-trivial) encoding as big-endian bytes 
using BN_bn2bin, *that* does not have padding or overhead.

Note that the numbers in an ECDSA signature are effectively 
uniform random up to the field order, so they will *rarely* 
be *smaller* than the keysize (here, less than 28 bytes).
If you want *fixed* 28 bytes each, *you* will need to pad.

(I forgot to allow for this in my earlier reply. The ASN.1 
encoding can be less than 62 bytes in these cases.)
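
The conversion between the ASN.1 encoding and a fixed 56-byte r||s, as discussed in this reply and in the "approach 1" reply above, written out as an added example. It is not code from the thread or from OpenSSL: it parses the DER bytes by hand, the function names are made up for illustration, and the sample values are constructed fill bytes, not a real signature.

```c
#include <stdio.h>
#include <string.h>

/* Short-form DER lengths only: enough for curves up to 384 bits. */
#define MAX_WIDTH 48

/* Read one DER INTEGER at *p and write it as exactly `width` big-endian
 * bytes, left-padded with zeros. Returns 0 on success, -1 on bad input. */
static int der_int_to_fixed(const unsigned char **p, const unsigned char *end,
                            unsigned char *out, size_t width)
{
    const unsigned char *q = *p;
    size_t len;

    if (end - q < 3 || q[0] != 0x02 || q[1] == 0 || q[1] > 0x7f)
        return -1;
    len = q[1];
    q += 2;
    if ((size_t)(end - q) < len || (q[0] & 0x80))  /* truncated or negative */
        return -1;
    if (len > 1 && q[0] == 0x00) {   /* sign byte DER adds when top bit is set */
        if (!(q[1] & 0x80))
            return -1;               /* non-minimal encoding */
        q++;
        len--;
    }
    if (len > width)
        return -1;
    memset(out, 0, width - len);     /* the padding the caller has to supply */
    memcpy(out + (width - len), q, len);
    *p = q + len;
    return 0;
}

/* DER SEQUENCE { INTEGER r, INTEGER s } -> r||s, `width` bytes each. */
int ecdsa_der_to_raw(const unsigned char *der, size_t der_len,
                     unsigned char *raw, size_t width)
{
    const unsigned char *p, *end;

    if (width == 0 || width > MAX_WIDTH || der_len < 2 || der[0] != 0x30 ||
        der[1] > 0x7f || der_len != 2u + der[1])
        return -1;
    p = der + 2;
    end = der + der_len;
    if (der_int_to_fixed(&p, end, raw, width) ||
        der_int_to_fixed(&p, end, raw + width, width))
        return -1;
    return p == end ? 0 : -1;        /* nothing may follow s */
}

/* Write one fixed-width value as a minimal DER INTEGER; returns its size. */
static size_t put_der_int(unsigned char *out, const unsigned char *v,
                          size_t width)
{
    size_t skip = 0, n, pad;

    while (skip < width - 1 && v[skip] == 0)
        skip++;                      /* drop leading zero bytes */
    n = width - skip;
    pad = (v[skip] & 0x80) ? 1 : 0;  /* extra 0x00 keeps the INTEGER positive */
    out[0] = 0x02;
    out[1] = (unsigned char)(n + pad);
    out[2] = 0x00;                   /* overwritten below when pad == 0 */
    memcpy(out + 2 + pad, v + skip, n);
    return 2 + pad + n;
}

/* r||s -> DER. `der` needs 2*(width+3)+2 bytes. Returns the DER length. */
size_t ecdsa_raw_to_der(const unsigned char *raw, size_t width,
                        unsigned char *der)
{
    size_t n;

    if (width == 0 || width > MAX_WIDTH)
        return 0;
    n = put_der_int(der + 2, raw, width);
    n += put_der_int(der + 2 + n, raw + width, width);
    der[0] = 0x30;
    der[1] = (unsigned char)n;
    return n + 2;
}

/* Constructed sample: r starts with `r0`, every other byte of r and s is
 * `fill` (28 bytes each, as for a 224-bit curve). Returns the DER length if
 * converting back reproduces the 56 input bytes, 0 otherwise. */
size_t roundtrip_der_len(unsigned char r0, unsigned char fill)
{
    unsigned char raw[56], der[2 * (28 + 3) + 2], back[56];
    size_t n;

    memset(raw, fill, sizeof raw);
    raw[0] = r0;
    n = ecdsa_raw_to_der(raw, 28, der);
    if (n == 0 || ecdsa_der_to_raw(der, n, back, 28) != 0 ||
        memcmp(raw, back, sizeof raw) != 0)
        return 0;
    return n;
}

int main(void)
{
    printf("top bits set:     %zu bytes of DER\n", roundtrip_der_len(0xAB, 0xAB));
    printf("top bits clear:   %zu bytes of DER\n", roundtrip_der_len(0x11, 0x11));
    printf("r one byte short: %zu bytes of DER\n", roundtrip_der_len(0x00, 0x11));
    return 0;
}
```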



Re: Need help in loading private key for ECDSA

2012-12-17 Thread jeetendra gangele
Thanks for your help.


Can you guide me how I can use ECDH for exchanging the secret key?
I have to implement in two phases.
1. I have a private key of 256-bit length and need to get the phase 1 value wx,wy
2. In the second I have the phase 1 value and private key and need to get the secret
key or public key.



Thanks




Re: Need help in loading private key for ECDSA

2012-12-17 Thread jeetendra gangele
I need to use ECDH to derive the shared key using public and private key given.





Re: Need help in loading private key for ECDSA

2012-12-17 Thread jeetendra gangele
Hi, for ECDH can I use the SHA256 algorithm?

I have gone through the inside DS and written this piece of code and
it worked also.
But here how can I use sha256? When I used it, I am getting the error.
How can I use sha256 here?



    int alen = 0;
    int blen = 0;
    int aout = 0;
    int bout = 0;
    static const int KDF1_SHA1_len = 20;
    unsigned char *abuf = NULL;
    unsigned char *bbuf = NULL;

    EC_KEY *ecdh = NULL;
    EC_KEY *ecdh2 = NULL;

    /* Generate the two key pairs */
    // ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);
    // ecdh2 = EC_KEY_new_by_curve_name(NID_secp521r1);
    ecdh = EC_KEY_new_by_curve_name(NID_sect163k1);
    ecdh2 = EC_KEY_new_by_curve_name(NID_sect163k1);

    EC_KEY_generate_key(ecdh);
    EC_KEY_generate_key(ecdh2);

    /* KDF1_SHA1 is the SHA-1 helper taken from ec/ecdhtest.c */
    alen = KDF1_SHA1_len;
    abuf = (unsigned char *) OPENSSL_malloc(alen);
    aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(ecdh2),
                            ecdh, KDF1_SHA1);
    printf("aout is %d\n", aout);
    blen = KDF1_SHA1_len;
    bbuf = (unsigned char *) OPENSSL_malloc(blen);
    bout = ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(ecdh),
                            ecdh2, KDF1_SHA1);





RE: Need help in loading private key for ECDSA

2012-12-17 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 13:17

> Hi, for ECDH can I use the SHA256 algorithm?
>
> I have gone through the inside DS and written this piece of code and
> it worked also.
> But here how can I use sha256? When I used it, I am getting the error.
> How can I use sha256 here?
>
<snip>
> aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(ecdh2),
>                         ecdh, KDF1_SHA1);

What is KDF1_SHA1? If it's copied from ec/ecdhtest.c or apps/speed.c, 
that's designed to use SHA1; if you want something else, change it.
I'm not sure why it's even there; the comment in speed.c says it was 
in a tls-ecc draft, but it is NOT in 4492. I don't know of any other 
ECDH (or DH) applications that apply a nontrivial KDF directly to 
the agreement; if they do key derivation, it's somewhere else.

Note that if you use a 163-bit curve as you coded, you won't get more 
than about 80 bits of security strength out of it no matter how you 
hash it, and that is now considered inadequate by most authorities.
If you use your commented version with p521, and sha256 or maybe 384, 
you can get 256-bit strength, IF your keys actually have at least 256 
bits of entropy going in. But no one actually needs 256-bit strength, 
and it's often a distraction from much more serious flaws elsewhere.




RE: Need help in loading private key for ECDSA

2012-12-17 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 08:26
> To: openssl-users@openssl.org
> Subject: Re: Need help in loading private key for ECDSA
>
> Thanks for your help.
>
>
> Can you guide me how I can use ECDH for exchanging the 
> secret key?
> I have to implement in two phases.
> 1. I have a private key of 256-bit length and need to get the phase 1 
> value wx,wy
> 2. In the second I have the phase 1 value and private key and need to get the secret
> key or public key.
 
If you are using a 224-bit curve, as in your previous posts, 
a privatekey larger than 224-bits (really, larger than the field 
order, which is fractionally less) is at best a waste of time. 
The point_mul probably does work -- I haven't tested -- but if so 
it wraps around and gives no more security than a 224-bit value.

For ECDH agreement, like DH, you need to do two phases at both parties.
A has or chooses A-privatekey which determines A-publickey and sends 
A-pub to B; B similarly has or chooses B-priv and sends B-pub to A. 
A uses B-pub with A-priv to compute a resulting secret and B uses 
A-pub with B-priv to compute the same (shared) secret. The only real 
difference is that DH pubkey is one number in Z_p while ECDH 
pubkey is a nominally 2-dimensional point in the EC group.

If you somehow have a secure privkey but not the corresponding pubkey, 
do what the last lines of EC_generate_key do: multiply (in the group) 
the base point by your privkey to get your pubkey. To do phase 2, 
use EC_compute_key which multiplies the *peer* pubkey (point) by 
your privkey and takes the x coordinate as the agreed value.

Note if both parties have fixed keys -- called static [EC]DH or more 
specifically both-static or static-static -- the resulting agreed value 
is always the same. If you allow this, you must ensure the agreed value 
is used in a way that does not reduce security or allow attacks. Often 
this means not using it directly as a key. (TLS always mixes per-connection 
client and server nonces into its key derivation, for all key-exchange 
methods including both static and ephemeral/anonymous *DH.) If you force 
at least one party to use dynamic/nonce/transient/ephemeral key, with 
sufficient randomness/entropy in its key, that avoids this issue.
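
The two phases described in this reply, as an added example on a textbook toy curve (y^2 = x^3 + 2x + 2 over F_17, base point (5,1) of order 19). It is not code from the thread or from OpenSSL, the curve is far too small for real use, and all names and private values are constructed for illustration. It also shows the wrap-around of an oversized private key and the fixed result of static-static agreement.

```c
#include <stdio.h>

/* Toy curve y^2 = x^3 + 2x + 2 over F_17; base point G = (5,1), order 19. */
#define CURVE_P 17
#define CURVE_A 2
#define CURVE_B 2
#define ORDER_N 19

typedef struct { int x, y, inf; } pt;      /* inf != 0: point at infinity */
static const pt G = { 5, 1, 0 };

static int mod(int v) { v %= CURVE_P; return v < 0 ? v + CURVE_P : v; }

static int inv(int v)                      /* v^(p-2) mod p (Fermat) */
{
    int r = 1, e = CURVE_P - 2;
    for (v = mod(v); e; e >>= 1, v = v * v % CURVE_P)
        if (e & 1)
            r = r * v % CURVE_P;
    return r;
}

/* A received public point must be a real point on this curve. */
static int on_curve(pt q)
{
    return !q.inf && q.x >= 0 && q.x < CURVE_P && q.y >= 0 && q.y < CURVE_P &&
           mod(q.y * q.y - (q.x * q.x * q.x + CURVE_A * q.x + CURVE_B)) == 0;
}

static pt add(pt a, pt b)
{
    pt r = { 0, 0, 1 };
    int s;

    if (a.inf) return b;
    if (b.inf) return a;
    if (a.x == b.x && mod(a.y + b.y) == 0)
        return r;                                        /* Q + (-Q) */
    if (a.x == b.x)
        s = mod((3 * a.x * a.x + CURVE_A) * inv(2 * a.y)); /* doubling */
    else
        s = mod((b.y - a.y) * inv(b.x - a.x));
    r.x = mod(s * s - a.x - b.x);
    r.y = mod(s * (a.x - r.x) - a.y);
    r.inf = 0;
    return r;
}

static pt mul(unsigned k, pt q)            /* double-and-add: k * q */
{
    pt r = { 0, 0, 1 };
    for (; k; k >>= 1, q = add(q, q))
        if (k & 1)
            r = add(r, q);
    return r;
}

/* Phase 1: public point = private scalar times the base point. */
pt ecdh_public(unsigned priv) { return mul(priv, G); }

/* Phase 2: our private scalar times the peer's public point; the agreed
 * value is the x coordinate. Returns -1 if the peer point is not on the
 * curve or the result is the point at infinity. */
int ecdh_shared_x(unsigned priv, pt peer_pub)
{
    pt s;

    if (!on_curve(peer_pub))
        return -1;
    s = mul(priv, peer_pub);
    return s.inf ? -1 : s.x;
}

int main(void)
{
    unsigned a = 3, b = 9;                 /* constructed private keys */
    pt a_pub = ecdh_public(a), b_pub = ecdh_public(b);
    pt wrapped = ecdh_public(a + ORDER_N); /* private key above the order */

    printf("A pub (%d,%d), B pub (%d,%d)\n", a_pub.x, a_pub.y, b_pub.x, b_pub.y);
    printf("A computes %d, B computes %d\n",
           ecdh_shared_x(a, b_pub), ecdh_shared_x(b, a_pub));
    printf("a + order gives (%d,%d), the same public key as a\n",
           wrapped.x, wrapped.y);
    printf("static-static again: %d; with a fresh a = 4: %d\n",
           ecdh_shared_x(a, b_pub), ecdh_shared_x(4, b_pub));
    return 0;
}
```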




Re: Need help in loading private key for ECDSA

2012-12-17 Thread jeetendra gangele
Yes I used it from ec/ecdhtest.c.
If you see the ECDH_compute_key, in the last argument it needs some hash
function to sign the shared secret.
And here I need a 256-bit secret key; that will be a point on the curve?
That's why I tried to use sha256 here, because sha1 is 20 bytes.

Also for this function ECDH_compute_key I did not find much detail.
Do you know how I can get the x,y coordinates from a public point, I mean which
API to use?





Re: Need help in loading private key for ECDSA

2012-12-17 Thread jeetendra gangele
Actually here I need to write the hash function which generates the 448
bit hash value.
By looking into openssl I did not find any hash function which can
generate the 448 bit.
Do we have any library function for generating a 448-bit hash value?



Re: Need help in loading private key for ECDSA

2012-12-16 Thread jeetendra gangele
Actually I was trying to generate a signature of length 56 bytes but
it's failing.
When I check the code it said the length of the sig should not be less than 56.
Can anybody help me with how I can generate a signature of length 56 bytes?


On 14 December 2012 19:11, Matt Caswell (fr...@baggins.org)
fr...@baggins.org wrote:

> On 14 December 2012 13:36, jeetendra gangele gangele...@gmail.com wrote:
>
>> Ok,
>> So is there any way after setting these parameters I can get the
>> public key (point) on the curve?
>
>
> Setting the parameters just gets you a curve, not a private/public key pair.
> To create a private/public key pair create an EC_KEY object (passing in the
> curve as a parameter), and then call EC_KEY_generate_key. Then you can get
> the public key from the EC_KEY object.
>
>> after setting the curve parameter I can ask for a point on the curve;
>> there is one API I have seen, right?
>> GetPublicKey.
>> Can you do that from the command line?
>
> As far as I know you can't use custom curves from the command line - but I
> am not an expert on the command line tool so others on this list may be able
> to answer that.
>
> Matt


Re: Need help in loading private key for ECDSA

2012-12-16 Thread jeetendra gangele
Can anybody guide me how can I generate the digital signature of 56
bytes for ecdsa.
I am using the curve NID_secp224r1.
Thanks
jeetendra



Re: Need help in loading private key for ECDSA

2012-12-16 Thread jeetendra gangele
It's generating 64 bytes when I print with ECDSA_size(eckey)
But I need a 56-byte signature.



RE: Need help in loading private key for ECDSA

2012-12-16 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Sunday, 16 December, 2012 22:57

> Actually I was trying to generate a signature of length 56 bytes but
> it's failing.
> When I check the code it said the length of the sig should not be 
> less than 56.
> Can anybody help me with how I can generate a signature of 
> length 56 bytes?
 
To be clear: you are talking about the length of the *signature*, 
not of the data that was signed?

If you are using a 224-bit ECDSA keypair, as your previous posts 
suggest, the signature semantically consists of two numbers 
each 224 bits or 28 bytes; however, openssl (at least) encodes 
these numbers in an ASN.1 SEQUENCE with total length 62-64 bytes.

If you want to generate such a signature, either use the EVP_Sign* 
functions to do the usual process for you (hash the bulk data, 
using a hash you specify whose output size should not be larger 
than your keysize, then ECDSA-sign the hash) or do the hash yourself 
and then call ECDSA_sign or one of its variants yourself.



Re: Need help in loading private key for ECDSA

2012-12-16 Thread jeetendra gangele
Yes, I am talking about the signature.
The ECDSA_SIG output structure will have r and s components of 28 bytes each.
So if I merge both r and s I will get 56 bytes, right?
These will not have any padding information?


Thanks
jeet



Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)
> char b1[] =
> "18679335321211177614181391980475641049275229937844945546185683145837";


Where did you get this value from? Is this a private key you have been
provided with that you *must* use?

Unless you particularly need to use a specific private key it is better to
use

EC_KEY_generate_key

This will create a private key for you as well as calculating the
associated public key.


> BN_dec2bn(&res, b1);
> // BN_dec2bn(&x, b1);
> // BN_dec2bn(&y, b1);
>
> // BN_dec2bn((pub_key->X), "1234567890123456789012345678");
> // BN_dec2bn(pub_key->Y, "1234567890123456789012345678");
>
>
> pkey = EC_KEY_new_by_curve_name(NID_secp224r1);
> group = EC_KEY_get0_group(pkey);
> pub_key = EC_POINT_new(group);
>
> ret = EC_KEY_set_private_key(pkey, res);
> //EC_KEY_set_public_key_affine_coordinates(pkey,x,y);


It appears you have commented out all of the code above to insert the
public key. This is probably why the EC_KEY_check_key call is failing. One
of the things this function checks is that the public key is sane.

In addition the code you have that is commented out above for the public
key looks very odd. The public key is not just any (x, y) co-ordinate - it
must be a point which is on the curve! Further it must be equal to the
curve generator multiplied by the private key. If you use the
EC_KEY_generate_key function referred to above then this will all be dealt
with for you. If however you need to calculate the public key itself from
an existing private key then use something like this to create it:

    /* res is the private-key BIGNUM from the code above; EC_POINT_mul
       takes the scalar itself, not the EC_KEY */
    if (!EC_POINT_mul(group, pub_key, res, NULL, NULL, ctx))
        goto err;


Matt


Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
But why do we need to load the public key for signing the data?
For signing I need only the private key.
When I load both the public and private key I could sign the data,
but when I load only the private key and call the Key_check function it's failing.



Thanks
Jeetendra



Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)
On 14 December 2012 10:32, jeetendra gangele gangele...@gmail.com wrote:

> But why do we need to load the public key for signing the data?
> For signing I need only the private key.
> When I load both the public and private key I could sign the data,
> but when I load only the private key and call the Key_check function it's
> failing.


Well technically of course you never need to explicitly have the public key
if you have the private key - it can always be generated if needed. However
that's not the way the library works. According to the way the library has
been written an EC_KEY object is only valid if it contains either a public
key, or a private/public key pair. If you are going to call
EC_KEY_check_key then you must have a public key present (even if it is
never used for your scenario). The presence of a public key is one of the
first things that EC_KEY_check_key looks for.

Matt


Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
Okay,
Thanks for your reply.

If I have only the private key in my ECC_key object, will I be able to sign the data?
I mean I will load only the private key and use the curve. Will I be able
to sign the data?
And how can I load other parameters like a,b,g,n into the object?




Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)
On 14 December 2012 11:14, jeetendra gangele gangele...@gmail.com wrote:

 Okay,
 Thanks for your reply.

 If I have only the private key in my ECC_key object, will I be able to sign the
 data?


I've not tried it, so I'm not sure. I've had a quick review of the code and
I can't see any reason why not, but I wouldn't recommend it. I would not
consider an EC_KEY object that failed an EC_KEY_check_key call to be valid,
and I would expect the library to make the same assumption. It is safer to
have the public key present, and it is not difficult to do so.


 I mean I will load only the private key and use the curve. Will I be able
 to sign the data?
 And how can I load other parameters like a, b, g, n into the object?

If you are using a named curve (as you are in the code example you
posted), you do not need to worry about the other parameters. These are
incorporated into the definition of the named curve.

Matt


Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
Thanks
But I have these parameters and I wanted to load them: p, a, b, q.
Do you know how I can load them?


Thanks
jeetendra





Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
Sorry, it's p, a, b, x, y.



Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)
On 14 December 2012 11:47, jeetendra gangele gangele...@gmail.com wrote:

 Thanks
 But I have these parameters and I wanted to load them: p, a, b, q.
 Do you know how I can load them?


The parameters are related to the definition of the curve. Where did you
get the parameters from? Are you sure they are not just the parameters from
a standard curve? It is much better to use the standard built in curves
than attempting to create your own. Can you ask the person that supplied
you with these parameters to tell you which standard curve they are using?

If you really *have* to use the parameters directly, and they are not from
a standard curve then you will need to create the curve yourself. You can
use EC_GROUP_new_curve_GFp for an Fp (NID_X9_62_prime_field) curve or
EC_GROUP_new_curve_GF2m for an F2m (NID_X9_62_characteristic_two_field)
curve. You will also need to call EC_GROUP_set_generator to set the
generator point for the curve.

Matt


Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
I got these parameters from marlin and I wanted to load these parameters.
It's a must for me to load these parameters.




Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
OK, do you know if there is any dependency between these curve parameters
and the private and public keys?

I mean I am loading these parameters and generating private and public
keys from the OpenSSL command line tools.
It did not work for me,
but when I use a standard curve and load public and private keys it worked for me.
So is there any relation between curve parameters and public and private keys?


Thanks





Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)
On 14 December 2012 12:37, jeetendra gangele gangele...@gmail.com wrote:

 I got these parameters from marlin and I wanted to load these parameters.
 It's a must for me to load these parameters.

I am not familiar with what marlin is, so I cannot advise on that. I would
double check that the parameters do not correspond to a standard curve.
Have a look in src/crypto/ec/ec_curve.c in the OpenSSL source code. Check
to see if your p value is present in the built in data structures
somewhere.

If not you will have to do it by creating the curve yourself as per my
previous post. Assuming you have a Fp curve, then you will need to know p,
a, b, generator (x and y co-ords), order and co-factor. You can then do
something like:

if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) goto err;
if ((gen = EC_POINT_new(group)) == NULL) goto err;
if (!EC_POINT_set_affine_coordinates_GFp(group, gen, x, y, ctx)) goto err;
if (!EC_GROUP_set_generator(group, gen, order, cofactor)) goto err;

If you have an F2m curve then the parameters are the same except you need
to know m instead of p (the code is similar but replace GFp with GF2m).
Confusingly though the OpenSSL codebase refers to p for F2m curves to mean
p = 2^m. If you're not sure which one you've got, then if p is odd then it's
probably an Fp curve, whilst if it's even it's probably F2m.

Matt


Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)
Yes there is a dependency. The curve parameters define what the curve is,
whilst the public key is a point on the curve. The public key is inherently
linked to the curve parameters. If you change the parameters then the
public key will no longer be valid.

Matt




Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
OK,
So is there any way, after setting these parameters, I can get the
public key (point) on the curve?
After setting the curve parameters I can ask for a point on the curve;
there is one API I have seen, right?
GetPublicKey.
Can you do that from the command line?

Thanks
jeetendra



Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)
On 14 December 2012 13:36, jeetendra gangele gangele...@gmail.com wrote:

 OK,
 So is there any way, after setting these parameters, I can get the
 public key (point) on the curve?


Setting the parameters just gets you a curve, not a private/public key
pair. To create a private/public key pair create an EC_KEY object (passing
in the curve as a parameter), and then call EC_KEY_generate_key. Then you
can get the public key from the EC_KEY object.

 After setting the curve parameters I can ask for a point on the curve;
 there is one API I have seen, right?
 GetPublicKey.
 Can you do that from the command line?

As far as I know you can't use custom curves from the command line - but I
am not an expert on the command line tool so others on this list may be
able to answer that.

Matt


Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
It looks very odd, loading the public key during the sign operation.
OK, tell me one thing: I can load any valid point on the curve during sign.
And when I verify the signed message I should be able to verify with
the other valid public key?


Thanks
jeet




Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)
On 14 December 2012 14:20, jeetendra gangele gangele...@gmail.com wrote:

 It looks very odd, loading the public key during the sign operation.
 OK, tell me one thing: I can load any valid point on the curve during sign.


An ECDSA sign operates on the curve and associated parameters, the private
key, and the message, and outputs two values (which are just numbers) r and
s. No points on the curve are provided as input or received as output
(although they are used internally).

What I have recommended to you is that you fill in both the private and
public key in the EC_KEY object so that an EC_KEY_check_key call passes.
This is not loading any valid point on the curve...it must be the public
key for the associated private key, or EC_KEY_check_key will not pass. As I
said in one of my first emails, it is straightforward to find the public
key given the private key.



 And when I verify the signed message I should be able to verify with
 the other valid public key?


When verifying you will be able to verify with the public key that
corresponds to the private key used originally to sign the message.

Matt


Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
On 14 December 2012 20:18, Matt Caswell (fr...@baggins.org)
fr...@baggins.org wrote:


 On 14 December 2012 14:20, jeetendra gangele gangele...@gmail.com wrote:

 It looks very odd, loading the public key during the sign operation.
 OK, tell me one thing: I can load any valid point on the curve during sign.


 An ECDSA sign operates on the curve and associated parameters, the private
 key, and the message, and outputs two values (which are just numbers) r and
 s. No points on the curve are provided as input or received as output
 (although they are used internally).

 What I have recommended to you is that you fill in both the private and
 public key in the EC_KEY object so that an EC_KEY_check_key call passes.
 This is not loading any valid point on the curve...it must be the public
 key for the associated private key, or EC_KEY_check_key will not pass. As I
 said in one of my first emails, it is straightforward to find the public
 key given the private key.

Here I won't agree, because suppose I loaded all the curve parameters
and try to load a public key which won't lie on the curve, it's failing.


 And when I verify the signed message I should be able to verify with
 the other valid public key?


 When verifying you will be able to verify with the public key that
 corresponds to the private key used originally to sign the message.
This I understand


 Matt






Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)
On 14 December 2012 15:02, jeetendra gangele gangele...@gmail.com wrote:

 On 14 December 2012 20:18, Matt Caswell (fr...@baggins.org)
 fr...@baggins.org wrote:
 
 
  On 14 December 2012 14:20, jeetendra gangele gangele...@gmail.com wrote:
 
  It looks very odd, loading the public key during the sign operation.
  OK, tell me one thing: I can load any valid point on the curve during sign.
 
 
  An ECDSA sign operates on the curve and associated parameters, the private
  key, and the message, and outputs two values (which are just numbers) r and
  s. No points on the curve are provided as input or received as output
  (although they are used internally).
 
  What I have recommended to you is that you fill in both the private and
  public key in the EC_KEY object so that an EC_KEY_check_key call passes.
  This is not loading any valid point on the curve...it must be the public
  key for the associated private key, or EC_KEY_check_key will not pass. As I
  said in one of my first emails, it is straightforward to find the public
  key given the private key.
 
 Here I won't agree, because suppose I loaded all the curve parameters
 and try to load a public key which won't lie on the curve, it's failing.


As previously mentioned the code to find a public key given a private key
looks like this:

if (!EC_POINT_mul(group, pub_key, pkey, NULL, NULL, ctx))
goto err;

All you need is the curve and the private key and in one line you can get
the public key.

Matt


Re: Need help in loading private key for ECDSA

2012-12-14 Thread jeetendra gangele
On 14 December 2012 20:39, Matt Caswell (fr...@baggins.org)
fr...@baggins.org wrote:
 On 14 December 2012 15:02, jeetendra gangele gangele...@gmail.com wrote:

 On 14 December 2012 20:18, Matt Caswell (fr...@baggins.org)
 fr...@baggins.org wrote:
 
 
  On 14 December 2012 14:20, jeetendra gangele gangele...@gmail.com wrote:
 
  It looks very odd, loading the public key during the sign operation.
  OK, tell me one thing: I can load any valid point on the curve during sign.
 
 
  An ECDSA sign operates on the curve and associated parameters, the private
  key, and the message, and outputs two values (which are just numbers) r and
  s. No points on the curve are provided as input or received as output
  (although they are used internally).
 
  What I have recommended to you is that you fill in both the private and
  public key in the EC_KEY object so that an EC_KEY_check_key call passes.
  This is not loading any valid point on the curve...it must be the public
  key for the associated private key, or EC_KEY_check_key will not pass. As I
  said in one of my first emails, it is straightforward to find the public
  key given the private key.
 
 Here I won't agree, because suppose I loaded all the curve parameters
 and try to load a public key which won't lie on the curve, it's failing.


 As previously mentioned the code to find a public key given a private key
 looks like this:


 if (!EC_POINT_mul(group, pub_key, pkey, NULL, NULL, ctx))
 goto err;

 All you need is the curve and the private key and in one line you can get
 the public key.

Yes, I did the same. Thanks for all your support.
Is there any relation between the curve parameters and the private key, or
can the private key be any random number?
As far as I remember there is a relation and it depends upon a discrete math
problem that is unsolved as of now.
So once that problem gets resolved the private key can be broken.
Am I correct?





 Matt



Re: Need help in loading private key for ECDSA

2012-12-14 Thread Matt Caswell (fr...@baggins.org)

 Yes, I did the same. Thanks for all your support.
 Is there any relation between the curve parameters and the private key, or
 can the private key be any random number?


Yes there is a relationship. The private key must be a random number
between 0 and the order of the curve.


 As far as I remember there is a relation and it depends upon a discrete math
 problem that is unsolved as of now.
 So once that problem gets resolved the private key can be broken.
 Am I correct?

You are talking about the relationship between the private key and the
public key. The security is based on the difficulty of solving the discrete
logarithm problem. Basically if g^x = h, where g and h are elements of a
finite cyclic group (in other words points on our curve in this case), it
is hard to find x given g and h. In this case g is the generator point (one
of the curve parameters), x is the private key and h is the public key. If
someone finds a short cut for solving this problem then the security is
broken.

Matt
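
Added example, not part of any post in this thread and not OpenSSL code: a pure-Python model of what the replies above describe, namely a curve built from explicit p, a, b, generator, order and cofactor, a public key computed as private key times generator, and the sanity checks the thread attributes to EC_KEY_check_key. The toy curve, the sample key, the names derive_public and check_key, and the verdict strings are assumptions made for illustration.

```python
# Added illustration (not OpenSSL code). Constructed toy curve, far too small
# to be secure: y^2 = x^3 + 2x + 2 over F_17, G = (5, 1), order 19, cofactor 1.
from collections import namedtuple

Curve = namedtuple("Curve", "p a b gx gy n h")
TOY = Curve(p=17, a=2, b=2, gx=5, gy=1, n=19, h=1)
INF = "infinity"  # sentinel for the point at infinity


def on_curve(c, pt):
    """True if pt = (x, y) has in-range coordinates and satisfies the equation."""
    x, y = pt
    if not (0 <= x < c.p and 0 <= y < c.p):
        return False
    return (y * y - (x * x * x + c.a * x + c.b)) % c.p == 0


def add(c, p1, p2):
    """Affine point addition, including doubling and the infinity cases."""
    if p1 == INF:
        return p2
    if p2 == INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % c.p == 0:
        return INF  # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + c.a) * pow((2 * y1) % c.p, -1, c.p)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % c.p, -1, c.p)
    x3 = (lam * lam - x1 - x2) % c.p
    return (x3, (lam * (x1 - x3) - y1) % c.p)


def mul(c, k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = INF
    while k:
        if k & 1:
            result = add(c, result, pt)
        pt = add(c, pt, pt)
        k >>= 1
    return result


def derive_public(c, priv):
    """Public key = private key times the generator, as in the thread."""
    if not 1 <= priv < c.n:
        raise ValueError("private key must be in [1, n-1]")
    return mul(c, priv, (c.gx, c.gy))


def check_key(c, priv, pub):
    """Model of the sanity checks discussed in the thread; returns a verdict."""
    if pub is None:
        return "no public key"
    if pub == INF:
        return "public key is the point at infinity"
    if not on_curve(c, pub):
        return "public key is not on the curve"
    if mul(c, c.n, pub) != INF:
        return "public key has the wrong order"
    if priv is not None:
        if not 1 <= priv < c.n:
            return "private key out of range"
        if mul(c, priv, (c.gx, c.gy)) != pub:
            return "public key does not match private key"
    return "ok"


if __name__ == "__main__":
    d = 7                                  # constructed sample private key
    q = derive_public(TOY, d)
    other = TOY._replace(b=3)              # same key, different curve parameters
    for label, verdict in [
        ("private key only", check_key(TOY, d, None)),
        ("matching pair", check_key(TOY, d, q)),
        ("public key only", check_key(TOY, None, q)),
        ("on-curve point that is not d*G", check_key(TOY, d, (6, 3))),
        ("arbitrary (x, y)", check_key(TOY, d, (1, 1))),
        ("pair moved to another curve", check_key(other, d, q)),
    ]:
        print(f"{label}: {verdict}")
```

The last case shows the dependency discussed earlier in the thread: the same key pair stops validating once a curve parameter changes.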


Re: Need help in loading private key for ECDSA

2012-12-14 Thread Jeffrey Walton
On Thu, Dec 13, 2012 at 7:21 PM, Dave Thompson dthomp...@prinpay.com wrote:
 From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
 Sent: Thursday, 13 December, 2012 16:31

 On Thu, Dec 13, 2012 at 12:34 AM, jeetendra gangele
 gangele...@gmail.com wrote:
 snip
...

 Nit: the primitive operation in ECC is called addition and
 the iterated form multiplication, so the privatekey value is
 called a multiplicand. Unlike RSA and DH, where multiplication
 in Z_n is iterated to give exponentiation.
Yes, being lazy. Thanks.


RE: Need help in loading private key for ECDSA

2012-12-14 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Matt Caswell
(fr...@baggins.org)
Sent: Friday, 14 December, 2012 08:42

On 14 December 2012 13:36, jeetendra gangele gangele...@gmail.com wrote:
snip
  Can you do that from the command line?
As far as I know you can't use custom curves from the command line - 
but I am not an expert on the command line tool so others on this list 
may be able to answer that.

commandline ecparam can read any curve definition, but has builtin 
only named ones. I haven't tested, but if you build a custom EC_GROUP 
and write it out in explicit form, -genkey should work.

Of course then all it's really doing is calling EC_generate_key and 
PEM_write_ or i2d_ to a file, which you can easily do yourself.



Re: Need help in loading private key for ECDSA

2012-12-13 Thread Jeffrey Walton
On Thu, Dec 13, 2012 at 12:34 AM, jeetendra gangele
gangele...@gmail.com wrote:
 Hi, I tried to load a private key into the 224 curve for ECDSA and I am
 getting the below error.

 EC_KEY_check_key failed:
 error:100B1043:lib(16):func(177):reason(67).

 Below is my function to load the key.

 Can anybody guide me?
$ openssl errstr 100B1043
error:100B1043:elliptic curve routines:EC_KEY_check_key:passed a null parameter

I have not really been following this thread, so please forgive my
dumb questions.

Are you using a NIST curve? If I recall correctly, OpenSSL only
supports some (all?) NIST curves. If you are trying to use Bernstein's
Curve-25519 (or an arbitrary curve), I don't believe it will work.

How did you generate the private key (the exponent) and public key
(point on the curve)?

Jeff


RE: Need help in loading private key for ECDSA

2012-12-13 Thread Dave Thompson
 From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
 Sent: Thursday, 13 December, 2012 16:31

 On Thu, Dec 13, 2012 at 12:34 AM, jeetendra gangele
 gangele...@gmail.com wrote:
snip

 I have not really been following this thread, so please forgive my
 dumb questions.
 
 Are you using a NIST curve? If I recall correctly, OpenSSL only
 supports some (all?) NIST curves. If you are trying to use Bernstein's
 Curve-25519 (or an arbitrary curve), I don't believe it will work.
 
OP's code in some places uses secp224r1 and in some places sect163k1.
It's not clear which (if either?) is correct. IIRC both of these are 
in the NIST subset, but just SECG is enough to be standard.

libcrypto EC_*, and thus EVP_*, supports both named/standard curves 
and explicit ones. I believe that includes cert verification 
as relevant to SSL/TLS, but haven't tested.

libssl *for key exchange* only supports named curves.

 How did you generate the private key (the exponent) and public key
 (point on the curve)?
 
OP apparently didn't generate any key, he's trying to use 
key values he got from someplace that appear bogus.

Nit: the primitive operation in ECC is called addition and 
the iterated form multiplication, so the privatekey value is 
called a multiplicand. Unlike RSA and DH, where multiplication 
in Z_n is iterated to give exponentiation.

