I'm extremely new to this so any help would be much appreciated.
Ultimately I need to use pre-computed Public and Private EC keys to
digitally sign and verify a message.  I can't seem to be able to take
the DER encoded keys and produce a usable EC_KEY for calling the
ECDSA_sign() or ECDSA_verify() functions.

To try to simplify, I attempted the following unrelated code (error
checking removed)

    int len;
    unsigned char *pptr;
    unsigned char buf[1024];
    int        ret;
    ECDSA_SIG *sig;
    EC_KEY    *newkey;
    EC_KEY    *eckey = EC_KEY_new();

    // Get the EC Group
    eckey->group = EC_GROUP_new_by_curve_name(NID_secp192k1);

    // Generate a new key
    if (!EC_KEY_generate_key(eckey))
    {
        printf("Error generating key!\n");
        return 0;
    }

    // Get the private key in DER
    pptr = buf;
    len = i2d_ECPrivateKey(eckey, &pptr);

    // Convert the private key back from DER/allocate new eckey
    newkey = d2i_ECPrivateKey(NULL, &pptr, len);
    if (newkey == NULL)
    {
        printf("This always fails!!\n");
    }

Why does the call to d2i_ECPrivateKey(NULL, &pptr, len); always fail?
(The length returned from the previous call is 222.) Generating the key,
allocation and group by name all appear to work.

I think what I am really lacking is an understanding of how the ECDSA
library is meant to be used.  Are there any examples of how to do this?
Everything I find seems to use the above 'generate key' rather than
using pre-computed keys.

I would have thought that I passed my known key into the
d2i_ECPrivateKey() function and used the result from that point forward.
Is this not the normal use flow?

Thanks in advance for any advice (or pointers on where to read more),

Ryan
