[ 
https://issues.apache.org/jira/browse/SSHD-986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17095591#comment-17095591
 ] 

Lyor Goldstein edited comment on SSHD-986 at 4/29/20, 4:19 PM:
---------------------------------------------------------------

Good questions + sample code - will have to think about it. It may take some 
time though - as of next week I will be rather busy for some time...

Meanwhile here is something I have considered - we can split the code in 
{{PKCS8PEMResourceKeyPairParser#extractKeyPairs}} so that after it extracts the 
private key, it calls a protected method to extract the public key. By default, 
the protected method calls {{KeyUtils.recoverPublicKey(prvKey)}} unless it 
detects an ECDSA key OID and then it calls some TBD method...


was (Author: lgoldstein):
Good questions + sample code - will have to think about it. It may take some 
time though - as of next week I will be rather busy for some time...

> Implement ECDSA public key recovery
> -----------------------------------
>
>                 Key: SSHD-986
>                 URL: https://issues.apache.org/jira/browse/SSHD-986
>             Project: MINA SSHD
>          Issue Type: New Feature
>    Affects Versions: 2.4.0
>            Reporter: Thomas Wolf
>            Priority: Minor
>         Attachments: ECRecoverTest.java
>
>
> {{KeyUtils.recoverPublicKey(PrivateKey)}} (and also 
> {{OpenSSHECDSAPrivateKeyEntryDecoder.recoverPublicKey(ECPrivateKey)}}, but 
> that doesn't seem to be called at all) are not implemented for ECDSA keys.
> EC public key recovery is an ECPoint scalar multiplication and can be done via 
> Bouncy Castle. So if the code to do this can be guarded as other BC-dependent 
> code this might be one way to implement this.
> Seems to me that lack of {{KeyUtils.recoverPublicKey(PrivateKey)}} for ECDSA 
> currently prevents reading a key pair from a PKCS#8 PEM ECDSA private key 
> file because {{PKCS8PEMResourceKeyPairParser}} calls that recovery method.
> Attached is a small JUnit test showing how to compute the ECDSA public key from 
> a given ECDSA private key using Bouncy Castle.
> According to [RFC 5915|https://tools.ietf.org/html/rfc5915], a PKCS#8 
> representation of an ECDSA private key SHOULD contain the public key, too, so 
> if it's present it might perhaps even be possible to avoid this scalar 
> multiplication altogether, but exploiting this might require some larger code 
> refactoring?



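The scalar multiplication the issue describes, Q = d·G, as an added example (it is not the attached ECRecoverTest.java and not MINA SSHD code). It uses only JDK classes instead of Bouncy Castle and handles prime-field curves only; the class name and the standalone `recoverPublicKey` method are hypothetical.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;

public class EcPublicKeyRecovery {
    // Affine point addition on y^2 = x^3 + ax + b over GF(p).
    static ECPoint add(ECPoint p1, ECPoint p2, BigInteger a, BigInteger p) {
        if (p1 == ECPoint.POINT_INFINITY) return p2;
        if (p2 == ECPoint.POINT_INFINITY) return p1;
        BigInteger x1 = p1.getAffineX(), y1 = p1.getAffineY();
        BigInteger x2 = p2.getAffineX(), y2 = p2.getAffineY();
        BigInteger lambda;
        if (x1.equals(x2)) {
            if (y1.add(y2).mod(p).signum() == 0) return ECPoint.POINT_INFINITY; // P + (-P)
            // Doubling: lambda = (3*x1^2 + a) / (2*y1)
            lambda = x1.pow(2).multiply(BigInteger.valueOf(3)).add(a)
                    .multiply(y1.shiftLeft(1).mod(p).modInverse(p)).mod(p);
        } else {
            lambda = y2.subtract(y1).multiply(x2.subtract(x1).mod(p).modInverse(p)).mod(p);
        }
        BigInteger x3 = lambda.pow(2).subtract(x1).subtract(x2).mod(p);
        BigInteger y3 = lambda.multiply(x1.subtract(x3)).subtract(y1).mod(p);
        return new ECPoint(x3, y3);
    }

    // Q = d*G by right-to-left double-and-add. BigInteger arithmetic is not
    // constant-time, so this shows the math only; the issue proposes Bouncy Castle.
    static ECPublicKey recoverPublicKey(ECPrivateKey prv) throws GeneralSecurityException {
        ECParameterSpec params = prv.getParams();
        EllipticCurve curve = params.getCurve();
        BigInteger p = ((ECFieldFp) curve.getField()).getP(); // prime-field curves only
        BigInteger d = prv.getS();
        ECPoint q = ECPoint.POINT_INFINITY, addend = params.getGenerator();
        for (int i = 0; i < d.bitLength(); i++) {
            if (d.testBit(i)) q = add(q, addend, curve.getA(), p);
            addend = add(addend, addend, curve.getA(), p);
        }
        return (ECPublicKey) KeyFactory.getInstance("EC")
                .generatePublic(new ECPublicKeySpec(q, params));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = gen.generateKeyPair(); // constructed sample key, generated at run time
        ECPublicKey recovered = recoverPublicKey((ECPrivateKey) pair.getPrivate());
        ECPoint expected = ((ECPublicKey) pair.getPublic()).getW();
        System.out.println("recovered == generated: " + expected.equals(recovered.getW()));
    }
}
```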