search

PeculiarVentures / graphene

A simple layer for interacting with PKCS #11 / PKCS11 / CryptoKI for Node in TypeScript. (Keywords: Javascript, PKCS#11, Crypto, Smart Card, HSM)
MIT License
169 stars 34 forks source link

ECDSA signature how to retrieve recovery ID? #118

Closed porkchop closed 4 years ago

porkchop commented 5 years ago

When creating an ECDSA signature we receive the r and s values concatenated, but the recovery ID necessary to build a signature from which the public key can be extracted is not available - as far as I can tell. Is there anyway to get it? Here's an example of how it is used in a bitcoin-like signing library: https://github.com/porkchop/eosjs-ecc/blob/native-secp256k1/src/signature.js#L209 Big thanks for any help

microshine commented 5 years ago

Maybe it can be useful https://ethereum.stackexchange.com/questions/42455/during-ecdsa-signing-how-do-i-generate-the-recovery-id

porkchop commented 5 years ago

thanks @microshine Actually that supports what I came to realize about the recovery id - providing this value is something that just needs to be supported by the HSM itself since the recovery id can only be determined as part of the signature generation calculation. I'm assuming that's not a generic feature for most HSM's so probably nothing can be provided by graphene for it. (I totally could be wrong in this assumption) Incidentally, I solved this in my case by just trying the values 1 and 0 (since one of those are the recovery id with high probability), and checking if the public key extracted from the resulting sig matches the public key for the signing key. Not efficient but it does the trick in my case.

rmhrisk commented 5 years ago

As Grpahene is a layer on PKCS11. If there is even vendor specific support for the recovery in a PKCS11 implement then it could expose it.

lmahanand commented 4 years ago

hello @porkchop

Apologies for commenting on this closed issue. I am trying to recover the public key by using 0 and 1 value but still not able to recover the correct public key. Though the created R and S value (S > Curve.N/2) are getting verified by ECDSA signature verifier.

I have also raised a question in stack exchange AWS Cloud HSM issue

If could help me in finding where exactly I am wrong in recovering the public key?

lmahanand commented 4 years ago

hello @porkchop

Apologies for commenting on this closed issue. I am trying to recover the public key by using 0 and 1 value but still not able to recover the correct public key. Though the created R and S value (S > Curve.N/2) are getting verified by ECDSA signature verifier.

I have also raised a question in stack exchange AWS Cloud HSM issue

If could help me in finding where exactly I am wrong in recovering the public key?

I am able to fix it after using the correct ASN Object ID of secp256k1.