>> This should help if its in PEM format: http://www.cryptopp.com/wiki/PEM_Pack. >> You won't need to use OpenSSL to convert it to ASN.1/DER. >> > I did try PEM pack and I receive a BER decode error. However if I convert it myself > I am able to pass the resulting DER into dumpasn1 and read the key parameters > successfully.
Oh, that's egg on my face since I wrote it. Can you send me what you have for testing and diagnostics? Or a set of test keys to duplicate the problem? > So I have a few questions - the public key component of starts with 02 (see the > openssl output of the key above) which signifies point compression right? I believe that is correct, but I'd need to see a key to confirm. (I'd probably just dump it with Gutmann's ASN.1 or `openssl asn1` utility). > However how do I construct points q and g) You should be given G. Its the generator, and its part of the domain parameters. x is the private exponent, and Q is the public key. To generate `x`, you pick a random number in [1, p-1] (IIRC). To get Q, you perform Q = xG (IIRC). Jeff On Tuesday, March 3, 2015 at 1:41:37 AM UTC-5, Brendan Jones wrote: > > > On Tuesday, 3 March 2015 06:08:02 UTC+1, Jeffrey Walton wrote: >> >> >> I was wondering if anyone could tell me if it is in fact possible to >>> verify a signature created using WTLS-8? >>> A reference to the specification of this curve can be found here: >>> http://technical.openmobilealliance.org/tech/affiliates/wap/wap-261-wtls-20010406-a.pdf >>> >>> (page 90) >>> >> >> From page 64 of the document you cited: >> >> enum { anonymous(0), ecdsa_sha(1), rsa_sha(2), (255)} >> SignatureAlgorithm; >> >> You should be OK with rsa_sha, but its not clear to me if all the >> ecdsa_sha are supported. To understand why, you need to look at Table 8 on >> page 86 and the curves WTLS calls out. I *think* Crypto++ will support >> about 8 of the 12 they specify. >> >> >>> We are currently looking at alternatives to OpenSSL and Crypto++ seems >>> like a good way to go. >>> I have spent a little time trying to do this in Crypto++ but I have not >>> had any success as yet. Before I go any further I thought I'd ask the >>> knowledgable folk here. >>> >> >> I think it depends on what you want to accomplish. >> >> Are you interested *only* in verifying a signature that's already been >> parsed? Or are you interested in the bigger package? Here, the bigger >> package includes things like implementing the protocol (sub tasks will >> include asynchronous socket I/O, record layer implementation, X.509 >> parsing, key exchange, bulk transfer, etc). >> >> If its the former, then Crypto++ should do fine. If the latter, then you >> are going to have a lot of work because it looks like a re-implementation >> of TLS. In the case of the latter, you should evaluate another library. >> > > Just the ECDSA signature verification. Its a legacy application and we > can't change the private key at the other end.The public key does not name > a curve but by comparing to the EC params from open ssl and the > aforementioned document it looks like wap-wsg-idm-ecid-wtls8 which is not > One of the names curves that crypto++ supports, so I will need to construct > the curve manually. > >> >> From your other message: >> >> > At the moment, all I have is the public key. I can use OpenSSL to dump >> > the output of the public key and can convert it to DER format in >> Crypto++ >> > and what I pass it through dumpasn1 it matches... >> >> This should help if its in PEM format: >> http://www.cryptopp.com/wiki/PEM_Pack. You won't need to use OpenSSL to >> convert it to ASN.1/DER. >> > > I did try PEM pack and I receive a BER decode error. However if I convert > it myself I am able to pass the resulting DER into dumpasn1 and read the > key parameters sucessfully. > > > > >> > eg (I'm not entirely comfortable posting the key in a public forum so I >> > have obfuscated some of the detail here): >> >> That's fine. Call out the curve you are using from page 88. Or, post the >> OID, Curve Name or domain parameters (Curve, Base Point and Modulus); keep >> the Public Point (Q) and the Private Exponent (x) to yourself. >> >> Jeff >> > > So I have a few questions - the public key component of starts with 02 > (see the openssl output of the key above) which signifies point compression > right? Therefore how I can I construct the key in the manner below (taken > from the wiki): > > Integers p, a and b I can construct from the key output above. However how > do I construct points q and g? Do I have to solve for y**2 = x**3 + ax + b > over GF(p) ? > If I assume use the parameters from > http://technical.openmobilealliance.org/tech/affiliates/wap/wap-261-wtls-20010406-a.pdf > (page > 90) have been used I can provide a value for point g which seems to fit. > > ECP curve( p, a, b ); > ECP::Point g( gx, gy ); > ECP::Point q( qx, qy ); > > ECDSA<ECP, SHA1>::PublicKey publicKey; > publicKey.Initialize( curve, g, n, q ); > > bool result = publicKey.Validate( prng, 3 ); > if( !result ) { ... } > > Thanks again > > Brendan > > -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
