The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
The method generateKeyPairHex() returns an EC pair,
if the private Key from this method is used to generate a public key using the generatePublicKeyHex method,
the generated public key is different from the initial one generated with the generateKeyPairHex method and the verifyHex returns False.
To reproduce:
1st iteration
var ec = new KJUR.crypto.ECDSA({'curve': 'secp256k1'});
var keypair = ec.generateKeyPairHex();
var prvhex = keypair.ecprvhex; // 6fb4b88abe877f6c79aa6c72cd31c0519b4e22d17ee0c06e070e1fc45cd50f3f
var pubhex = keypair.ecpubhex; // 043aa54824d46b23fa5662012b3f0a7457a86951dbfc3ce42a790a9c7db3ccabacb4eb2d8b078f6769c4e2c1c539900521a416af507a82f51f3bec92b916bb829e
2nd iteration
var ec = new KJUR.crypto.ECDSA({'curve': 'secp256k1'});
var prvhex = "6fb4b88abe877f6c79aa6c72cd31c0519b4e22d17ee0c06e070e1fc45cd50f3f"
var pubhex = ec.generatePublicKeyHex(prvhex); // 0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
The method generateKeyPairHex() returns an EC pair, if the private Key from this method is used to generate a public key using the
generatePublicKeyHex
method, the generated public key is different from the initial one generated with thegenerateKeyPairHex
method and theverifyHex
returnsFalse
. To reproduce: