Open rickmark opened 3 years ago

It is not possible to specify the value for k allowing the usage of https://tools.ietf.org/html/rfc6979. This limits the ability to use libcrypto ECC operations in a number of ways.

OpenSSL::PKey::EC#dsa_sign_asn1 should take an optional precomputed K value as those APIs exist in OpenSSL.

ECDSA_*() functions are deprecated and I'd like to avoid implementing a feature on top of the legacy API.

There is an open Pull Request https://github.com/openssl/openssl/pull/9223 to add RFC 6979 support via the EVP API. Once it is merged and I finish #382, OpenSSL::PKey::EC#sign_raw can take an ecdsa_nonce_type: "deterministic" argument.

I'm liking #382 - but I'd like to keep this as well:

- being able to call sign with the value of k specified
- being able to call sign with the value of inverse_k and r specified

This can be handled in the options hash.

This unblocks a number of scenarios for usage in Bitcoin / ECC where "close to the metal" is needed. I've also started to prepare a test suite that verifies correctness with predetermined k values (see https://github.com/lian/bitcoin-ruby/compare/master...rickmark:master).

I know introducing k means that, if misused, clients can leak their private key... but I think good documentation that you shouldn't provide these values if you don't know what they are.

At the end of last year, OpenSSL finally added RFC 6979 support through the EVP API: https://github.com/openssl/openssl/pull/18809 It will likely be available in OpenSSL 3.2.
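The deterministic nonce the thread keeps coming back to (RFC 6979, the scheme an ecdsa_nonce_type: "deterministic" option would select) derives k from the private scalar and the message hash, so the same message never yields two different k values and no caller has to supply k by hand. The Ruby below is an added example, not ruby/openssl or OpenSSL code: it implements the RFC 6979 HMAC_DRBG loop, builds a P-256 signature from the resulting k, and reproduces the RFC's own P-256/SHA-256 test vector; the function names and the P256_Q constant (the P-256 group order) are mine.

```ruby
require 'openssl'

# RFC 6979 sections 2.3 and 3.2: derive k from the private scalar x and the
# message hash h1 with HMAC_DRBG. Added example, not ruby/openssl code.
def bits2int(bytes, qlen)
  v = bytes.unpack1('H*').to_i(16)
  blen = bytes.bytesize * 8
  blen > qlen ? v >> (blen - qlen) : v        # keep the leftmost qlen bits
end

def int2octets(x, rlen)
  [x.to_s(16).rjust(rlen * 2, '0')].pack('H*')
end

def rfc6979_k(q, x, h1, digest = 'SHA256')
  qlen = q.bit_length
  rlen = (qlen + 7) / 8
  hmac = ->(key, data) { OpenSSL::HMAC.digest(OpenSSL::Digest.new(digest), key, data) }
  hlen = OpenSSL::Digest.new(digest).digest_length
  # int2octets(x) || bits2octets(h1); "z1 mod q" equals "z1 - q if z1 >= q" since z1 < 2q
  seed = int2octets(x, rlen) + int2octets(bits2int(h1, qlen) % q, rlen)
  v = "\x01".b * hlen
  k = "\x00".b * hlen
  k = hmac.(k, v + "\x00".b + seed)
  v = hmac.(k, v)
  k = hmac.(k, v + "\x01".b + seed)
  v = hmac.(k, v)
  loop do                                      # step h: retry until 0 < k < q
    t = ''.b
    t << (v = hmac.(k, v)) while t.bytesize * 8 < qlen
    cand = bits2int(t, qlen)
    return cand if cand.between?(1, q - 1)
    k = hmac.(k, v + "\x00".b)
    v = hmac.(k, v)
  end
end

# ECDSA over P-256 with the deterministic k: r = (k*G).x mod q, s = k^-1 (h + r*x) mod q.
P256_Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
def deterministic_ecdsa_p256(x, msg)
  h1 = OpenSSL::Digest.digest('SHA256', msg)
  k = rfc6979_k(P256_Q, x, h1)
  group = OpenSSL::PKey::EC::Group.new('prime256v1')
  group.point_conversion_form = :uncompressed   # to_bn then yields 04 || X || Y
  xy = group.generator.mul(OpenSSL::BN.new(k)).to_bn.to_s(16)
  r = xy[2, 64].to_i(16) % P256_Q
  kinv = OpenSSL::BN.new(k).mod_inverse(OpenSSL::BN.new(P256_Q)).to_i
  s = (kinv * (bits2int(h1, 256) + r * x)) % P256_Q
  [r, s]
end
```

With the RFC 6979 A.2.5 private key and the message "sample", rfc6979_k returns the k listed in the RFC and deterministic_ecdsa_p256 returns its (r, s); signing the same message twice gives the identical pair, which is exactly the property that makes nonce reuse impossible.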