Closed spidemen closed 2 years ago
The curve is chosen during the key generation. In this sample, you can find the curve here:
// Use the SECP256k1 curve to sign and verify.
KeyPair kp = new AsymmetricKeys().generateECKeyPair(CaviumECGenParameterSpec.K256, "ectest");
Is there a specific error you are getting while running this sample?
when I try to use following function with EC private key :
String keyhex = "a551a5a55ffb2d7225660962b193cbda57b911e2d0fcedaf29d6d7c1f1e71***";
BigInteger priv = new BigInteger(keyhex, 16);
String message = "dfdd7f15cb3c2f890d3174c197556ff4ac1b4a981cd2f5e56952f5f71e4d9772";
public static byte[] sign(byte[] message, PrivateKey key, String signingAlgorithm)
throws SignatureException, InvalidKeyException, NoSuchAlgorithmException,
NoSuchProviderException {
java.security.Signature sig = java.security.Signature.getInstance(signingAlgorithm, "Cavium");
sig.initSign(key);
sig.update(message);
return sig.sign();
}
I got following signature:
3045022100f1d1fdd33ef62975024536431899c4202d7c522225274b69724f8ced1755a19d02204b3af8884b25d8756bfefbe9cb31fe96b57f3975d6a8204cf58c412039883b5f.
The same as following code:
java.security.Signature sig = java.security.Signature.getInstance("ECDSA",
new BouncyCastleProvider());
sig.initSign(privateKey);
sig.update(ByteArray.fromHexString(message));
got signature like 3045022100f1d1fdd33ef62975024536431899c4202d7c522225274b69724f8ced1755a19d02204b3af8884b25d8756bfefbe9cb31fe96b57f3975d6a8204cf58c41203988xxxx
The length is not correct and also it should not start with prefix 30xxxxx. I use another method to do ECSDA and I got following signature, which is correct.
57992f252ccd34cc9213efae413cf70609c3cca1f6afdac90bad5f75709ee5a65dd29db9b3034ce9bf487e28ba119c3ce8f90f9a7bc3da3f330e14861806b55c00
Obviously, the length of second signature is shorter than the first one. My user case is on block chain and I need broadcast this signature and it need to be verified by fullnodes on blockchain.
The signatures returned by sign
are DER encoded, which is where the 0x30
byte is coming from. It looks like both Cavium and BouncyCastle are returning this format. The signatures look like what I'd expect:
30 45 // DER encoded block of 0x45 bytes
02 21 // integer, 0x21 bytes (r value)
00 f1 d1 fd d3 3e f6 29
75 02 45 36 43 18 99 c4
20 2d 7c 52 22 25 27 4b
69 72 4f 8c ed 17 55 a1
9d
02 20 // integer, 0x20 bytes (s value)
4b 3a f8 88 4b 25 d8 75
6b fe fb e9 cb 31 fe 96
b5 7f 39 75 d6 a8 20 4c
f5 8c 41 20 39 88 3b 5f
I can't see how you are importing your keyhex
value into the hsm. So I can't be sure of that code.
I'm not sure which method you are using to generate your signature. It looks like your signature is 41 bytes, which seems like a valid signature without the DER encoding. You should be able to decode the JCE signature and get a signature which matches your other method.
Can you show an example of decoding DER 3045022100f1d1fdd33ef62975024536431899c4202d7c522225274b69724f8ced1755a19d02204b3af8884b25d8756bfefbe9cb31fe96b57f3975d6a8204cf58c412039883b5f
string ?? like get string like 57992f252ccd34cc9213efae413cf70609c3cca1f6afdac90bad5f75709ee5a65dd29db9b3034ce9bf487e28ba119c3ce8f90f9a7bc3da3f330e14861806b55c00
. Can you give some code ?? thanks
30 45 // DER encoded block of 0x45 bytes
02 21 // integer, 0x21 bytes (r value)
00 f1 d1 fd d3 3e f6 29
75 02 45 36 43 18 99 c4
20 2d 7c 52 22 25 27 4b
69 72 4f 8c ed 17 55 a1
9d
02 20 // integer, 0x20 bytes (s value)
4b 3a f8 88 4b 25 d8 75
6b fe fb e9 cb 31 fe 96
b5 7f 39 75 d6 a8 20 4c
f5 8c 41 20 39 88 3b 5f
our signature is a combination of r + s + v (r(32 bytes)+s(32 bytes)+v(1 bytes)) , where r and s is 32 bytes and v is only one byte. From above signature string, s value is 0x20bytes (r value) -- 32 bytes , while 0x21 bytes (r value) -- 33 bytes. Any idea about v, the first byte of r value is v ???
I'm not sure what v
is in your signature, but the confusion may be around the leading 0x00 in the r
value. In a DER integer the first bit determines whether the number is signed or not. Since the first byte in this r
value is 0xf1 (or any byte that has 1 as the first bit), a leading 0x00 byte must be included to show that this value is an unsigned integer. Stripping that 0x00 byte should be done by your DER decoder (BouncyCastle I assume?). This will leave you with a 32 byte r
value and 32 byte s
value.
I can't provide code as I'm not sure of your implementation, so my code will certainly be wrong. I would recommend BouncyCastle's ASN1 decoder, because I think you are already using BouncyCastle? This will expose the DERIntegers, which could then be concatenated to get your preferred format.
Closing after inactivity, please re-open if you are still experiencing problems.
I was trying to generate EC key with secpk1, but when I try to sign with this key, the signature I got was not signed by secpk1 curve ???
there is no any place for us to chose sign curve ??? any example of secpk1 sign ??