Re: Verify signature (ECDSA_do_verify) using only x-coordinate in public key (EC_POINT)?
Hi, Thanks for your response. I'm sure that I only have the x-coordinate and when I reed up on ecc, it seems to be possible to verify the signature by only using this x-coordinate. Is there a way to do this with OpenSSL? Br, Jonas 2013/9/3 Matt Caswell fr...@baggins.org On 3 September 2013 15:16, Jonas Andersson jonasanderssonm...@gmail.com wrote: Hi all, Is there a way to verify a signature with ECDSA_do_verify having only the x-coordinate (in public key) available? Are you sure you *only* have the x-coord and not a point in compressed format? The difference being that with compressed format you get an octet at the front specifying which of the two possible y values to use (the y bit) followed by the full octets for the x coordinate. If you have it in compressed format as an octet string there are functions to load it. You need to make sure that the point conversion form for the curve is POINT_CONVERSION_COMPRESSED. You can set this using EC_GROUP_set_point_conversion_form (not sure off the top of my head what the default is for this). You can then load your compressed point using EC_POINT_oct2point. Alternatively you can use EC_POINT_set_compressed_coordinates_GFp or EC_POINT_set_compressed_coordinates_GF2m (for prime curves or binary curves as appropriate). Hope that helps, Matt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify signature (ECDSA_do_verify) using only x-coordinate in public key (EC_POINT)?
On 6 September 2013 07:22, Jonas Andersson jonasanderssonm...@gmail.com wrote: Hi, Thanks for your response. I'm sure that I only have the x-coordinate and when I reed up on ecc, it seems to be possible to verify the signature by only using this x-coordinate. Is there a way to do this with OpenSSL? In order to verify a signature you must have a copy of the public key. The public key is a point on the curve. Points on the curve can be communicated either in uncompressed format (providing both the x and y co-ordinates), or in compressed format (providing the x co-ordinate and the least significant bit of y). OpenSSL supports both of these. Without the y bit you do not have a full public key, and there is no support for verifying a signature without this bit in OpenSSL (and I would be surprised if there was in any other library either). I am not aware of any standards which supply the x-coord without the y bit. However, if you don't have the y-bit it could still be possible to verify the signaturethe y-bit can only have two possible values at the end of the day!! Therefore you would have to try both values and see if either of them verify. Not a very nice solution though. Matt Br, Jonas 2013/9/3 Matt Caswell fr...@baggins.org On 3 September 2013 15:16, Jonas Andersson jonasanderssonm...@gmail.com wrote: Hi all, Is there a way to verify a signature with ECDSA_do_verify having only the x-coordinate (in public key) available? Are you sure you *only* have the x-coord and not a point in compressed format? The difference being that with compressed format you get an octet at the front specifying which of the two possible y values to use (the y bit) followed by the full octets for the x coordinate. If you have it in compressed format as an octet string there are functions to load it. You need to make sure that the point conversion form for the curve is POINT_CONVERSION_COMPRESSED. You can set this using EC_GROUP_set_point_conversion_form (not sure off the top of my head what the default is for this). You can then load your compressed point using EC_POINT_oct2point. Alternatively you can use EC_POINT_set_compressed_coordinates_GFp or EC_POINT_set_compressed_coordinates_GF2m (for prime curves or binary curves as appropriate). Hope that helps, Matt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify signature (ECDSA_do_verify) using only x-coordinate in public key (EC_POINT)?
On 3 September 2013 15:16, Jonas Andersson jonasanderssonm...@gmail.com wrote: Hi all, Is there a way to verify a signature with ECDSA_do_verify having only the x-coordinate (in public key) available? Are you sure you *only* have the x-coord and not a point in compressed format? The difference being that with compressed format you get an octet at the front specifying which of the two possible y values to use (the y bit) followed by the full octets for the x coordinate. If you have it in compressed format as an octet string there are functions to load it. You need to make sure that the point conversion form for the curve is POINT_CONVERSION_COMPRESSED. You can set this using EC_GROUP_set_point_conversion_form (not sure off the top of my head what the default is for this). You can then load your compressed point using EC_POINT_oct2point. Alternatively you can use EC_POINT_set_compressed_coordinates_GFp or EC_POINT_set_compressed_coordinates_GF2m (for prime curves or binary curves as appropriate). Hope that helps, Matt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
