subject:"ECDSA \- Signature verify"

Re: ECDSA - Signature verify

2014-06-12 Thread Dave Thompson

> From: owner-openssl-us...@openssl.org On Behalf Of Anant Rao
> Sent: Wednesday, June 11, 2014 09:45

> The signature is generated by a client program (also a 'c' program). What is 
> the format of a signature? How do I find out?

The format for an ECDSA or DSA signature is an ASN.1 SEQUENCE of two INTEGERs.
I'm practice I've always seen DER, but I don't know if that's required; the two 
reasons 
that commonly require DER (hashed and byte-compared) don't apply.

> Just to confirm - whether it's ECDSA or RSA, for verification, we just get 
> the EVP_PKEY data structure filled with 
> the public key correctly and call in a sequence ending up with a call to 
> EVP_VerifyFinal. Is that correct?

Either the old way with EVP_Verify{Init,Update,Final} and the key on the Final,
or the new way with EVP_DigestVerify{Init,Update,Final} and the key on the Init.
But either way independent of the keytype = PKalgorithm.


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: ECDSA - Signature verify

2014-06-11 Thread Anant Rao

Hi Matt,

Thanks very much!
I'm glad I'm on the right track in regards to EVP vs EC.

The signature is generated by a client program (also a 'c' program). What
is the format of a signature? How do I find out?

Just to confirm - whether it's ECDSA or RSA, for verification, we just get
the EVP_PKEY data structure filled with the public key correctly and call
in a sequence ending up with a call to EVP_VerifyFinal. Is that correct?

Thanks again!
Anant



On Tue, Jun 10, 2014 at 3:51 PM, Matt Caswell  wrote:

> On 10 June 2014 15:24, Anant Rao  wrote:
> > Hi,
> >
> > Objective in one-line:
> > =
> > Verify a signature, given an ECDSA public key in X509 format.
> >
> >
> > Details:
> > ==
> > I read an X509 cert stored on disk. The following are some of its
> contents:
> >
> > Public Key Algorithm: id-ecPublicKey
> > Public-Key: (256 bit)
> >
> > ...
> > ASN1 OID: prime256v1
> > Signature Algorithm: ecdsa-with-SHA1
> > ...
> >
> >
> > Now, I get some data that is signed by the private key corresponding to
> the
> > above public key/cert and I need to verify it.
> >
> > Here're some pieces of my code:
> >
> > ...
> > EVP_PKEY *pub_key = X509_get_pubkey(cert);  //this is OK
> > ...
> > EVP_VerifyFinal(&c, signature, signature_len, pub_key); //this fails; Why
> > does it fail?
> >
> > The following are the errors from the above VerifyFinal:
> >
> > 140310811899840:error:0D07207B:asn1 encoding
> routines:ASN1_get_object:header
> > too long:asn1_lib.c:150:
> > 140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad
> > object header:tasn_dec.c:1306:
> > 140310811899840:error:0D07803A:asn1 encoding
> > routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG
> >
>
> Looks to me like the signature you are passing it is in the wrong
> format. Where did you get it from?
>
>
> >
> > So, after reading this page
> > (http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I
> realized
> > I need to extract the EC_POINT out of the above public key.
>
> No. There is no need to do this. You only need to worry about the low
> level EC stuff if you are not using the EVP interface - which you are.
>
> Matt
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>



-- 

   *Anant* *Rao*
Server Lead
D  / a...@noknok.com

 *Nok Nok Labs Inc.*
4151 Middlefield Road, Suite 200
Palo Alto, CA 94303
T +1 650 433 1300
i...@noknok.com

*www.noknok.com*

Re: ECDSA - Signature verify

2014-06-10 Thread Matt Caswell

On 10 June 2014 15:24, Anant Rao  wrote:
> Hi,
>
> Objective in one-line:
> =
> Verify a signature, given an ECDSA public key in X509 format.
>
>
> Details:
> ==
> I read an X509 cert stored on disk. The following are some of its contents:
>
> Public Key Algorithm: id-ecPublicKey
> Public-Key: (256 bit)
>
> ...
> ASN1 OID: prime256v1
> Signature Algorithm: ecdsa-with-SHA1
> ...
>
>
> Now, I get some data that is signed by the private key corresponding to the
> above public key/cert and I need to verify it.
>
> Here're some pieces of my code:
>
> ...
> EVP_PKEY *pub_key = X509_get_pubkey(cert);  //this is OK
> ...
> EVP_VerifyFinal(&c, signature, signature_len, pub_key); //this fails; Why
> does it fail?
>
> The following are the errors from the above VerifyFinal:
>
> 140310811899840:error:0D07207B:asn1 encoding routines:ASN1_get_object:header
> too long:asn1_lib.c:150:
> 140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad
> object header:tasn_dec.c:1306:
> 140310811899840:error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG
>

Looks to me like the signature you are passing it is in the wrong
format. Where did you get it from?


>
> So, after reading this page
> (http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I realized
> I need to extract the EC_POINT out of the above public key.

No. There is no need to do this. You only need to worry about the low
level EC stuff if you are not using the EVP interface - which you are.

Matt
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: ECDSA - Signature verify

2014-06-10 Thread Swair Mehta

remember doing something along the lines of :

ecPublicKey = X509_get_pubkey(readCertificate);
EC_KEY *ecKey;
ecKey = EVP_PKEY_get1_EC_KEY(ecPublicKey);
EC_KEY_set_asn1_flag(ecKey, );
ecGroup = EC_GROUP_new_by_curve_name();
EC_KEY_set_group(ecKey, ecGroup);


int status = ECDSA_verify(ecPublicKey->type, digest, SHA256_DIGEST_LENGTH,
signatureBytes, Signaturelength, ecKey);
if(status==1)
//signature is valid

I will let someone with more experience comment on whether it is right or
wrong.




On Tue, Jun 10, 2014 at 7:24 AM, Anant Rao  wrote:

> Hi,
>
> Objective in one-line:
> =
> Verify a signature, given an ECDSA public key in X509 format.
>
>
> Details:
> ==
> I read an X509 cert stored on disk. The following are some of its contents:
>
> Public Key Algorithm: id-ecPublicKey
> Public-Key: (256 bit)
>
> ...
> ASN1 OID: prime256v1
> Signature Algorithm: ecdsa-with-SHA1
> ...
>
>
> Now, I get some data that is signed by the private key corresponding to
> the above public key/cert and I need to verify it.
>
> Here're some pieces of my code:
>
> ...
> EVP_PKEY *pub_key = X509_get_pubkey(cert);  //this is OK
> ...
> EVP_VerifyFinal(&c, signature, signature_len, pub_key); //this fails; Why
> does it fail?
>
> The following are the errors from the above VerifyFinal:
>
> 140310811899840:error:0D07207B:asn1 encoding
> routines:ASN1_get_object:header too long:asn1_lib.c:150:
> 140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad
> object header:tasn_dec.c:1306:
> 140310811899840:error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG
>
>
> So, after reading this page (
> http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I
> realized I need to extract the EC_POINT out of the above public key.
> But, I'm not sure how to do it. Assuming that that's the right approach, I
> want to do the following:
>
> EC_POINT *pub;
>
> if(1 != EC_KEY_set_public_key(key, pub)) handleErrors();
>
> Can you help how I can retrieve the EC_POINT out of the public key? If
> this is not the correct approach at all, could you point what I need to do?
>
> Thanks a lot in advance!
>
>


-- 
Swair Mehta

ECDSA - Signature verify

2014-06-10 Thread Anant Rao

Hi,

Objective in one-line:
=
Verify a signature, given an ECDSA public key in X509 format.


Details:
==
I read an X509 cert stored on disk. The following are some of its contents:

Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)

...
ASN1 OID: prime256v1
Signature Algorithm: ecdsa-with-SHA1
...


Now, I get some data that is signed by the private key corresponding to the
above public key/cert and I need to verify it.

Here're some pieces of my code:

...
EVP_PKEY *pub_key = X509_get_pubkey(cert);  //this is OK
...
EVP_VerifyFinal(&c, signature, signature_len, pub_key); //this fails; Why
does it fail?

The following are the errors from the above VerifyFinal:

140310811899840:error:0D07207B:asn1 encoding
routines:ASN1_get_object:header too long:asn1_lib.c:150:
140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad
object header:tasn_dec.c:1306:
140310811899840:error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG


So, after reading this page (
http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I realized
I need to extract the EC_POINT out of the above public key.
But, I'm not sure how to do it. Assuming that that's the right approach, I
want to do the following:

EC_POINT *pub;

if(1 != EC_KEY_set_public_key(key, pub)) handleErrors();

Can you help how I can retrieve the EC_POINT out of the public key? If this
is not the correct approach at all, could you point what I need to do?

Thanks a lot in advance!

Re: ECDSA - Signature verify

Re: ECDSA - Signature verify

Re: ECDSA - Signature verify

Re: ECDSA - Signature verify

ECDSA - Signature verify

5 matches

Site Navigation

Mail list logo

Footer information