search

kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign
Other
3.25k stars 645 forks source link

Inconsistent Key Pair #533

Closed AndreaScorza closed 2 years ago

AndreaScorza commented 2 years ago

The method generateKeyPairHex() returns an EC pair, if the private Key from this method is used to generate a public key using the generatePublicKeyHex method, the generated public key is different from the initial one generated with the generateKeyPairHex method and the verifyHex returns False. To reproduce:

1st iteration
var ec = new KJUR.crypto.ECDSA({'curve': 'secp256k1'});
var keypair = ec.generateKeyPairHex();
var prvhex = keypair.ecprvhex; // 6fb4b88abe877f6c79aa6c72cd31c0519b4e22d17ee0c06e070e1fc45cd50f3f
var pubhex = keypair.ecpubhex;   // 043aa54824d46b23fa5662012b3f0a7457a86951dbfc3ce42a790a9c7db3ccabacb4eb2d8b078f6769c4e2c1c539900521a416af507a82f51f3bec92b916bb829e
2nd iteration
var ec = new KJUR.crypto.ECDSA({'curve': 'secp256k1'});
var prvhex = "6fb4b88abe877f6c79aa6c72cd31c0519b4e22d17ee0c06e070e1fc45cd50f3f"
var pubhex = ec.generatePublicKeyHex(prvhex); // 0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
AndreaScorza commented 2 years ago

Very sorry, I found my mistake, I am passing the hex of the private key to the method instead of passing it to the constructor.