Re: X52219/X448 export public key coordinates
Thanks for the explanation, that probably makes sense.

Thank you
Matt

From: Kyle Hamilton
Date: Monday, 21 November 2022 12:46
To: ORNEST Matej - Contractor
Cc: openssl-users
Subject: Re: X52219/X448 export public key coordinates

The reason has to do with the type of curve representation. X25519 is typically represented in (I believe, but I'm not an expert and I haven't looked at the primary sources recently so take this with a grain of salt) Montgomery form. Its digital signature counterpart Ed25519 uses the same curve represented in Edwards form. Conversely, the NIST curves are in Weierstrass form. The EC_KEY interface deals solely with Weierstrass form.

To my understanding, you can convert any curve to any representation. However, different forms can be acted on with different values at different levels of efficiency, which is why the different forms exist.

I hope this helps!

-Kyle H

On Fri, Nov 18, 2022, 11:47 ORNEST Matej - Contractor via openssl-users <openssl-users@openssl.org> wrote:

> Yeah, of course, sorry for the typo. I’ve already found a solution that seems to be working by using EVP_PKEY_get_raw_public_key() for these types of curves. I was confused why it’s not working with EC_KEY interfaces though it’s a type of elliptic curve. Then I found somewhere that it’s implemented outside the context of EC. It’s not clear to me why but I believe there’s a good reason for it.
> Anyway, thanks for your answer!
>
> Regards
> Matt
>
> On 18. 11. 2022, at 17:13, Kyle Hamilton <aerow...@gmail.com> wrote:
>
> X25519?
>
> On Mon, Nov 14, 2022, 05:23 ORNEST Matej - Contractor via openssl-users <openssl-users@openssl.org> wrote:
>
>> Hi all,
>>
>> I need to implement support for X52219/X448 for DH key exchange (and Ed52219/Ed448 for DSA) elliptic curves in our project. I need to export public key for DH exchange in form of DER encoded chunk in form tag+X-coordinate+Y-coordinate. Thus I need to get EC_POINT from EVP_PKEY and encode it as needed. I understand that those key types differ from EC types in a way that I need just X coordinate and a flag bit to reconstruct the key, but still, how do I get the X coordinate?
>>
>> My solution works for all other EC types such as SecpX and Brainpool families, but not for X52219/X448 keys and I do not completely understand why. Specifically when I decode public key previously encoded with i2d_PUBKEY() to EVP_PKEY and try to get EC_KEY by calling EVP_PKEY_get0_EC_KEY(), it returns NULL and issues an error that it’s not an EC key…
>>
>> I’m using the following code:
>>
>>     EVP_PKEY *key = … // Decode from DER encoded public key
>>
>>     if(key != nil) {
>>
>>         EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(key);
>>         /// When X52219 or X448 key is passed, ecKey is NULL
>>         if(ecKey != NULL) {
>>             const EC_POINT *point = EC_KEY_get0_public_key(ecKey);
>>             const EC_GROUP *group = EC_KEY_get0_group(ecKey);
>>
>>             if(point != NULL && group != NULL) {
>>                 BIGNUM *bnX = BN_new();
>>                 BIGNUM *bnY = BN_new();
>>
>>                 if(EC_POINT_get_affine_coordinates(group, point, bnX, bnY, NULL)) {
>>                     char *hexX = BN_bn2hex(bnX);
>>                     char *hexY = BN_bn2hex(bnY);
>>
>>                     // Convert to custom data structures
>>                     …
>>                 }
>>
>>                 BN_free(bnX);
>>                 BN_free(bnY);
>>             }
>>         }
>>     }
>>
>> Is there any way how to export those key types in desired format? I’m using OpenSSL version 1.1.1q.
>>
>> Thank you very much for any hint
>> Matt
Re: X52219/X448 export public key coordinates
The reason has to do with the type of curve representation. X25519 is typically represented in (I believe, but I'm not an expert and I haven't looked at the primary sources recently so take this with a grain of salt) Montgomery form. Its digital signature counterpart Ed25519 uses the same curve represented in Edwards form. Conversely, the NIST curves are in Weierstrass form. The EC_KEY interface deals solely with Weierstrass form.

To my understanding, you can convert any curve to any representation. However, different forms can be acted on with different values at different levels of efficiency, which is why the different forms exist.

I hope this helps!

-Kyle H

On Fri, Nov 18, 2022, 11:47 ORNEST Matej - Contractor via openssl-users <openssl-users@openssl.org> wrote:

> Yeah, of course, sorry for the typo. I’ve already found a solution that seems to be working by using EVP_PKEY_get_raw_public_key() for these types of curves. I was confused why it’s not working with EC_KEY interfaces though it’s a type of elliptic curve. Then I found somewhere that it’s implemented outside the context of EC. It’s not clear to me why but I believe there’s a good reason for it.
> Anyway, thanks for your answer!
>
> Regards
> Matt
>
> On 18. 11. 2022, at 17:13, Kyle Hamilton wrote:
>
> X25519?
>
> On Mon, Nov 14, 2022, 05:23 ORNEST Matej - Contractor via openssl-users <openssl-users@openssl.org> wrote:
>
>> Hi all,
>>
>> I need to implement support for X52219/X448 for DH key exchange (and Ed52219/Ed448 for DSA) elliptic curves in our project. I need to export public key for DH exchange in form of DER encoded chunk in form tag+X-coordinate+Y-coordinate. Thus I need to get EC_POINT from EVP_PKEY and encode it as needed. I understand that those key types differ from EC types in a way that I need just X coordinate and a flag bit to reconstruct the key, but still, how do I get the X coordinate?
>>
>> My solution works for all other EC types such as SecpX and Brainpool families, but not for X52219/X448 keys and I do not completely understand why. Specifically when I decode public key previously encoded with i2d_PUBKEY() to EVP_PKEY and try to get EC_KEY by calling EVP_PKEY_get0_EC_KEY(), it returns NULL and issues an error that it’s not an EC key…
>>
>> I’m using the following code:
>>
>>     EVP_PKEY *key = … // Decode from DER encoded public key
>>
>>     if(key != nil) {
>>
>>         EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(key);
>>         /// When X52219 or X448 key is passed, ecKey is NULL
>>         if(ecKey != NULL) {
>>             const EC_POINT *point = EC_KEY_get0_public_key(ecKey);
>>             const EC_GROUP *group = EC_KEY_get0_group(ecKey);
>>
>>             if(point != NULL && group != NULL) {
>>                 BIGNUM *bnX = BN_new();
>>                 BIGNUM *bnY = BN_new();
>>
>>                 if(EC_POINT_get_affine_coordinates(group, point, bnX, bnY, NULL)) {
>>                     char *hexX = BN_bn2hex(bnX);
>>                     char *hexY = BN_bn2hex(bnY);
>>
>>                     // Convert to custom data structures
>>                     …
>>                 }
>>
>>                 BN_free(bnX);
>>                 BN_free(bnY);
>>             }
>>         }
>>     }
>>
>> Is there any way how to export those key types in desired format? I’m using OpenSSL version 1.1.1q.
>>
>> Thank you very much for any hint
>> Matt
Re: X52219/X448 export public key coordinates
Yeah, of course, sorry for the typo. I’ve already found a solution that seems to be working by using EVP_PKEY_get_raw_public_key() for these types of curves. I was confused why it’s not working with EC_KEY interfaces though it’s a type of elliptic curve. Then I found somewhere that it’s implemented outside the context of EC. It’s not clear to me why but I believe there’s a good reason for it.
Anyway, thanks for your answer!

Regards
Matt

On 18. 11. 2022, at 17:13, Kyle Hamilton wrote:

> X25519?
>
> On Mon, Nov 14, 2022, 05:23 ORNEST Matej - Contractor via openssl-users <openssl-users@openssl.org> wrote:
>
>> Hi all,
>>
>> I need to implement support for X52219/X448 for DH key exchange (and Ed52219/Ed448 for DSA) elliptic curves in our project. I need to export public key for DH exchange in form of DER encoded chunk in form tag+X-coordinate+Y-coordinate. Thus I need to get EC_POINT from EVP_PKEY and encode it as needed. I understand that those key types differ from EC types in a way that I need just X coordinate and a flag bit to reconstruct the key, but still, how do I get the X coordinate?
>>
>> My solution works for all other EC types such as SecpX and Brainpool families, but not for X52219/X448 keys and I do not completely understand why. Specifically when I decode public key previously encoded with i2d_PUBKEY() to EVP_PKEY and try to get EC_KEY by calling EVP_PKEY_get0_EC_KEY(), it returns NULL and issues an error that it’s not an EC key…
>>
>> I’m using the following code:
>>
>>     EVP_PKEY *key = … // Decode from DER encoded public key
>>
>>     if(key != nil) {
>>
>>         EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(key);
>>         /// When X52219 or X448 key is passed, ecKey is NULL
>>         if(ecKey != NULL) {
>>             const EC_POINT *point = EC_KEY_get0_public_key(ecKey);
>>             const EC_GROUP *group = EC_KEY_get0_group(ecKey);
>>
>>             if(point != NULL && group != NULL) {
>>                 BIGNUM *bnX = BN_new();
>>                 BIGNUM *bnY = BN_new();
>>
>>                 if(EC_POINT_get_affine_coordinates(group, point, bnX, bnY, NULL)) {
>>                     char *hexX = BN_bn2hex(bnX);
>>                     char *hexY = BN_bn2hex(bnY);
>>
>>                     // Convert to custom data structures
>>                     …
>>                 }
>>
>>                 BN_free(bnX);
>>                 BN_free(bnY);
>>             }
>>         }
>>     }
>>
>> Is there any way how to export those key types in desired format? I’m using OpenSSL version 1.1.1q.
>>
>> Thank you very much for any hint
>> Matt
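
An added example, not part of the original thread and not OpenSSL code: for X25519, X448, Ed25519 and Ed448 the DER SubjectPublicKeyInfo (RFC 8410), which is what i2d_PUBKEY() writes, holds one fixed-length raw key rather than a tag+X+Y point, and these are the same bytes EVP_PKEY_get_raw_public_key() returns. The parser below extracts them in plain C; the helper name spki_raw_public_key and the sample key (the X25519 base point u = 9) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* RFC 8410 key types share the OID arc 1.3.101.x (DER: 2b 65 xx). */
static const struct { unsigned char oid_last; size_t key_len; const char *name; } ALGS[] = {
    {0x6e, 32, "X25519"}, {0x6f, 56, "X448"}, {0x70, 32, "Ed25519"}, {0x71, 57, "Ed448"},
};

/* Constructed sample: SubjectPublicKeyInfo for the X25519 base point u = 9
 * (12 header bytes, then 32 key bytes; the unlisted trailing bytes are zero). */
static const unsigned char SAMPLE_X25519_SPKI[44] = {
    0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 0x03, 0x21, 0x00, 0x09,
};

/* Hypothetical helper: returns the raw key length and points *raw at the key
 * bytes inside der, or returns 0 if der is not a well-formed RFC 8410 key. */
size_t spki_raw_public_key(const unsigned char *der, size_t der_len,
                           const unsigned char **raw, const char **name)
{
    /* SEQUENCE { SEQUENCE { OID 1.3.101.x }, BIT STRING { 00, key } } */
    static const unsigned char alg_prefix[] = {0x30, 0x05, 0x06, 0x03, 0x2b, 0x65};
    if (der == NULL || der_len < 12 || der[0] != 0x30)
        return 0;
    if (der[1] >= 0x80 || der[1] != der_len - 2)  /* short-form length suffices */
        return 0;
    if (memcmp(der + 2, alg_prefix, sizeof alg_prefix) != 0)
        return 0;                                  /* e.g. a Weierstrass EC key */
    for (size_t i = 0; i < sizeof ALGS / sizeof ALGS[0]; i++) {
        size_t klen = ALGS[i].key_len;
        if (der[8] != ALGS[i].oid_last)
            continue;
        if (der_len != 12 + klen || der[9] != 0x03 || der[10] != klen + 1 || der[11] != 0x00)
            return 0;                              /* wrong size for this key type */
        *raw = der + 12;
        *name = ALGS[i].name;
        return klen;
    }
    return 0;
}

int main(void)
{
    const unsigned char *raw = NULL;
    const char *name = NULL;
    size_t n = spki_raw_public_key(SAMPLE_X25519_SPKI, sizeof SAMPLE_X25519_SPKI, &raw, &name);
    printf("%s, %zu bytes: ", n ? name : "not an RFC 8410 key", n);
    for (size_t i = 0; i < n; i++) printf("%02x", raw[i]);
    printf("\n");
    return n ? 0 : 1;
}
```
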
Re: X52219/X448 export public key coordinates
X25519?

On Mon, Nov 14, 2022, 05:23 ORNEST Matej - Contractor via openssl-users <openssl-users@openssl.org> wrote:

> Hi all,
>
> I need to implement support for X52219/X448 for DH key exchange (and Ed52219/Ed448 for DSA) elliptic curves in our project. I need to export public key for DH exchange in form of DER encoded chunk in form tag+X-coordinate+Y-coordinate. Thus I need to get EC_POINT from EVP_PKEY and encode it as needed. I understand that those key types differ from EC types in a way that I need just X coordinate and a flag bit to reconstruct the key, but still, how do I get the X coordinate?
>
> My solution works for all other EC types such as SecpX and Brainpool families, but not for X52219/X448 keys and I do not completely understand why. Specifically when I decode public key previously encoded with i2d_PUBKEY() to EVP_PKEY and try to get EC_KEY by calling EVP_PKEY_get0_EC_KEY(), it returns NULL and issues an error that it’s not an EC key…
>
> I’m using the following code:
>
>     EVP_PKEY *key = … // Decode from DER encoded public key
>
>     if(key != nil) {
>
>         EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(key);
>         /// When X52219 or X448 key is passed, ecKey is NULL
>         if(ecKey != NULL) {
>             const EC_POINT *point = EC_KEY_get0_public_key(ecKey);
>             const EC_GROUP *group = EC_KEY_get0_group(ecKey);
>
>             if(point != NULL && group != NULL) {
>                 BIGNUM *bnX = BN_new();
>                 BIGNUM *bnY = BN_new();
>
>                 if(EC_POINT_get_affine_coordinates(group, point, bnX, bnY, NULL)) {
>                     char *hexX = BN_bn2hex(bnX);
>                     char *hexY = BN_bn2hex(bnY);
>
>                     // Convert to custom data structures
>                     …
>                 }
>
>                 BN_free(bnX);
>                 BN_free(bnY);
>             }
>         }
>     }
>
> Is there any way how to export those key types in desired format? I’m using OpenSSL version 1.1.1q.
>
> Thank you very much for any hint
> Matt
X52219/X448 export public key coordinates
Hi all,

I need to implement support for X52219/X448 for DH key exchange (and Ed52219/Ed448 for DSA) elliptic curves in our project. I need to export public key for DH exchange in form of DER encoded chunk in form tag+X-coordinate+Y-coordinate. Thus I need to get EC_POINT from EVP_PKEY and encode it as needed. I understand that those key types differ from EC types in a way that I need just X coordinate and a flag bit to reconstruct the key, but still, how do I get the X coordinate?

My solution works for all other EC types such as SecpX and Brainpool families, but not for X52219/X448 keys and I do not completely understand why. Specifically when I decode public key previously encoded with i2d_PUBKEY() to EVP_PKEY and try to get EC_KEY by calling EVP_PKEY_get0_EC_KEY(), it returns NULL and issues an error that it’s not an EC key…

I’m using the following code:

    EVP_PKEY *key = … // Decode from DER encoded public key

    if(key != nil) {

        EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(key);
        /// When X52219 or X448 key is passed, ecKey is NULL
        if(ecKey != NULL) {
            const EC_POINT *point = EC_KEY_get0_public_key(ecKey);
            const EC_GROUP *group = EC_KEY_get0_group(ecKey);

            if(point != NULL && group != NULL) {
                BIGNUM *bnX = BN_new();
                BIGNUM *bnY = BN_new();

                if(EC_POINT_get_affine_coordinates(group, point, bnX, bnY, NULL)) {
                    char *hexX = BN_bn2hex(bnX);
                    char *hexY = BN_bn2hex(bnY);

                    // Convert to custom data structures
                    …
                }

                BN_free(bnX);
                BN_free(bnY);
            }
        }
    }

Is there any way how to export those key types in desired format? I’m using OpenSSL version 1.1.1q.

Thank you very much for any hint
Matt