Closed java-crypto closed 3 years ago
Hello and thank you for the issue! The PKCS8 seems to have another structure according to the RFC https://datatracker.ietf.org/doc/html/rfc5915 that describes SEC1.
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
Whereas RFC https://datatracker.ietf.org/doc/html/rfc5208 describes the PKCS8 as
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] IMPLICIT Attributes OPTIONAL }
I oriented myself on the structure that is used by openssl. I will update the parsing method to support both structures. I keep you updated.
This is done now with version 3.5.0. I took over your example and added your code with some improvements.
Thanks for your very helpful library that I could use many times in my Cross platform cryptography project that is supporting a lot of frameworks (Java, PHP, C#, JavaScript, NodeJs, Golang, Python and Dart).
When trying to run a compatible Dart version of an ECDSA signature using the curve PRIME256V1 and SHA-256 hashing I encountered the problem that your import function ("CryptoUtils.ecPrivateKeyFromPem") is only accepting an EC private key in traditional = SEC1 encoding but not in a PKCS#8 encoding that is widely used in Java etc.
Below you find a full running program that is showing the issue - the SEC1 encoded private key signs and verifies the signature against a plaintext, the PKCS#8 encoded key is failing (that's why I'm surrounding the function call with a "try/catch" construct) and in the end I'm presenting a rough coded import of an EC private key in PKCS#8 encoding that signs and verifies successfully.
Just a note regarding the EC keys - they are sample keys I used and published in my project, so don't worry.
BTW: a good place for choosing the SEC1- or PKCS#8-import could be in the PEM-header line - a SEC1 header is "BEGIN EC PRIVATE KEY", the PKCS#8 header line is "BEGIN PRIVATE KEY".
Full source code: