>> However how do I construct points q and g?
>
> You should be given G. It's the generator, and it's part of the domain parameters.
>
> x is the private exponent, and Q is the public key. To generate `x`, you pick a random number in [1, p-1] (IIRC). To get Q, you perform Q = xG (IIRC).

It just occurred to me what you may have been asking.... Use the Initialize() that takes a PRNG. The library will generate x and Q for you. If you use the Initialize() that lacks the PRNG, then you have to supply x and Q.

Jeff

On Tuesday, March 3, 2015 at 6:21:44 PM UTC-5, Jeffrey Walton wrote:
>
> >> This should help if it's in PEM format: http://www.cryptopp.com/wiki/PEM_Pack.
> >> You won't need to use OpenSSL to convert it to ASN.1/DER.
> >
> > I did try PEM pack and I receive a BER decode error. However if I convert it myself
> > I am able to pass the resulting DER into dumpasn1 and read the key parameters
> > successfully.
>
> Oh, that's egg on my face since I wrote it.
>
> Can you send me what you have for testing and diagnostics? Or a set of test keys to duplicate the problem?
>
> > So I have a few questions - the public key component starts with 02 (see the
> > openssl output of the key above) which signifies point compression right?
>
> I believe that is correct, but I'd need to see a key to confirm. (I'd probably just dump it with Gutmann's ASN.1 or `openssl asn1` utility).
>
> > However how do I construct points q and g?
>
> You should be given G. It's the generator, and it's part of the domain parameters.
>
> x is the private exponent, and Q is the public key. To generate `x`, you pick a random number in [1, p-1] (IIRC). To get Q, you perform Q = xG (IIRC).
>
> Jeff
>
> On Tuesday, March 3, 2015 at 1:41:37 AM UTC-5, Brendan Jones wrote:
>>
>> On Tuesday, 3 March 2015 06:08:02 UTC+1, Jeffrey Walton wrote:
>>>
>>>> I was wondering if anyone could tell me if it is in fact possible to verify a signature created using WTLS-8?
>>>> A reference to the specification of this curve can be found here:
>>>> http://technical.openmobilealliance.org/tech/affiliates/wap/wap-261-wtls-20010406-a.pdf
>>>> (page 90)
>>>
>>> From page 64 of the document you cited:
>>>
>>>     enum { anonymous(0), ecdsa_sha(1), rsa_sha(2), (255)} SignatureAlgorithm;
>>>
>>> You should be OK with rsa_sha, but it's not clear to me if all the ecdsa_sha are supported. To understand why, you need to look at Table 8 on page 86 and the curves WTLS calls out. I *think* Crypto++ will support about 8 of the 12 they specify.
>>>
>>>> We are currently looking at alternatives to OpenSSL and Crypto++ seems like a good way to go.
>>>> I have spent a little time trying to do this in Crypto++ but I have not had any success as yet. Before I go any further I thought I'd ask the knowledgeable folk here.
>>>
>>> I think it depends on what you want to accomplish.
>>>
>>> Are you interested *only* in verifying a signature that's already been parsed? Or are you interested in the bigger package? Here, the bigger package includes things like implementing the protocol (sub tasks will include asynchronous socket I/O, record layer implementation, X.509 parsing, key exchange, bulk transfer, etc).
>>>
>>> If it's the former, then Crypto++ should do fine. If the latter, then you are going to have a lot of work because it looks like a re-implementation of TLS. In the case of the latter, you should evaluate another library.
>>
>> Just the ECDSA signature verification. It's a legacy application and we can't change the private key at the other end. The public key does not name a curve but by comparing to the EC params from open ssl and the aforementioned document it looks like wap-wsg-idm-ecid-wtls8 which is not one of the named curves that crypto++ supports, so I will need to construct the curve manually.
>>
>>> From your other message:
>>>
>>> > At the moment, all I have is the public key. I can use OpenSSL to dump the output of the public key and can convert it to DER format in Crypto++ and when I pass it through dumpasn1 it matches...
>>>
>>> This should help if it's in PEM format: http://www.cryptopp.com/wiki/PEM_Pack. You won't need to use OpenSSL to convert it to ASN.1/DER.
>>
>> I did try PEM pack and I receive a BER decode error. However if I convert it myself I am able to pass the resulting DER into dumpasn1 and read the key parameters successfully.
>>
>>> > eg (I'm not entirely comfortable posting the key in a public forum so I have obfuscated some of the detail here):
>>>
>>> That's fine. Call out the curve you are using from page 88. Or, post the OID, Curve Name or domain parameters (Curve, Base Point and Modulus); keep the Public Point (Q) and the Private Exponent (x) to yourself.
>>>
>>> Jeff
>>
>> So I have a few questions - the public key component starts with 02 (see the openssl output of the key above) which signifies point compression right? Therefore how can I construct the key in the manner below (taken from the wiki):
>>
>> Integers p, a and b I can construct from the key output above. However how do I construct points q and g? Do I have to solve for y**2 = x**3 + ax + b over GF(p) ?
>> If I assume the parameters from http://technical.openmobilealliance.org/tech/affiliates/wap/wap-261-wtls-20010406-a.pdf (page 90) have been used I can provide a value for point g which seems to fit.
>>
>> ECP curve( p, a, b );
>> ECP::Point g( gx, gy );
>> ECP::Point q( qx, qy );
>>
>> ECDSA<ECP, SHA1>::PublicKey publicKey;
>> publicKey.Initialize( curve, g, n, q );
>>
>> bool result = publicKey.Validate( prng, 3 );
>> if( !result ) { ...
>> }
>>
>> Thanks again
>>
>> Brendan

--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
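
Added example (not part of the original thread and not Crypto++ code): the "solve y**2 = x**3 + ax + b over GF(p)" step asked about above, i.e. recovering y from a compressed point whose prefix is 02 or 03, and rejecting an x that is not on the curve. The names Curve, Point, decompress and on_curve are hypothetical, the curve {23, 0, 3} is a constructed toy parameter set, and the code assumes a prime p < 2^62 with p % 4 == 3.

```cpp
#include <cstdint>
#include <cstdio>

// Short Weierstrass curve y^2 = x^3 + a*x + b over GF(p).
// Assumption: p is a prime below 2^62 with p % 4 == 3.
struct Curve { uint64_t p, a, b; };
struct Point { uint64_t x, y; };

static uint64_t mulmod(uint64_t u, uint64_t v, uint64_t p) {
    return (uint64_t)((unsigned __int128)u * v % p);
}

static uint64_t powmod(uint64_t base, uint64_t e, uint64_t p) {
    uint64_t r = 1;
    for (base %= p; e; e >>= 1) {
        if (e & 1) r = mulmod(r, base, p);
        base = mulmod(base, base, p);
    }
    return r;
}

// Right-hand side of the curve equation at x.
static uint64_t rhs(const Curve& c, uint64_t x) {
    uint64_t x3 = mulmod(mulmod(x, x, c.p), x, c.p);
    return (x3 + mulmod(c.a % c.p, x, c.p) + c.b % c.p) % c.p;
}

bool on_curve(const Curve& c, const Point& P) {
    return P.x < c.p && P.y < c.p && mulmod(P.y, P.y, c.p) == rhs(c, P.x);
}

// Decode a compressed point: prefix 0x02 selects the even y, 0x03 the odd y.
// Returns false (out untouched) for a bad prefix, x out of range, or no point at x.
bool decompress(const Curve& c, uint8_t prefix, uint64_t x, Point& out) {
    if ((prefix != 0x02 && prefix != 0x03) || x >= c.p || c.p % 4 != 3) return false;
    uint64_t v = rhs(c, x);
    uint64_t y = powmod(v, (c.p + 1) / 4, c.p);         // candidate square root
    if (mulmod(y, y, c.p) != v) return false;           // v is a non-residue
    if ((y & 1) != (prefix & 1u)) y = (c.p - y) % c.p;  // take the other root
    if ((y & 1) != (prefix & 1u)) return false;         // y == 0 has no odd form
    out.x = x; out.y = y;
    return true;
}

int main() {
    Curve toy = {23, 0, 3};   // constructed toy parameters, not a real curve
    Point P = {0, 0};
    if (decompress(toy, 0x03, 1, P))
        std::printf("(%llu, %llu)\n", (unsigned long long)P.x, (unsigned long long)P.y);
    return 0;
}
```

For real key sizes, Crypto++'s ECP::DecodePoint performs this decoding on the encoded point bytes, so the coordinates do not have to be solved for by hand.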
