Re: Questions about method to compress ECDSA signatures

Fri, 25 May 2012 14:40:54 -0700 

On 25/05/12 14:41, Khuc, Chuong D. wrote:

Wow, that is a lot of good information. Thanks, Matt. And I am still trying to 
digest the first paragraph. So do you mean the R value that I mentioned is 
actually the public key?
No, R is just a random point...different for every signature. The public key is also a point - but different to R. 


And if I was provided
with a private key, are the following lines of code appropriate to compute
the public key and get its x-y coordinates?

EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1);
   if(eckey == NULL)
   {
     printf("ERROR: NULL EC_KEY!\r\n");
   }
   else
   {
     BIGNUM *retbn;
     retbn =  BN_bin2bn(tempkey,32,NULL); // tempkey is an array of 32 u_char
     if(EC_KEY_set_private_key(eckey,retbn)!=1)
     {
       printf("ERROR: Fail to set private key!\r\n");
     }

You probably want to goto an error location after the printf...you don't 
want to fall through to the next section of code! Same for the error 
conditions below.

     EC_POINT* pub_key = EC_POINT_new(EC_KEY_get0_group(eckey));
     if(EC_POINT_mul(EC_KEY_get0_group(eckey),pub_key,retbn,NULL,NULL,NULL) != 
1)
     {
       printf("ERROR: Fail to generate public key!\r\n");
     }
     if(EC_KEY_set_public_key(eckey,pub_key) != 1)
     {
       printf("ERROR: Can't set public key!\r\n");
     }


Yes - all of this looks fine at a glance.


   BIGNUM *x_coord = BN_new();
   BIGNUM *y_coord = BN_new();
// IS THIS THE RIGHT WAY TO GET X-Y COORDINATES?
   if(EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(eckey),
          EC_KEY_get0_public_keyeckey), x_coord, y_coord, NULL)!=1)
   {
     printf("ERROR: Fail to get affine coordinates!\r\n");
   }
}

Yes - that is a valid way to get the x/y coords - as long as you are 
using a GFp curve (which in this example code you are). Other curves may 
require you to call EC_POINT_get_affine_coordinates_GF2m.



However if your intention is to write out the public key in a 
"compressed" form as discussed in the previous email then you don't need 
to actually get the coords. You can just use:


 BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
        point_conversion_form_t form, BIGNUM *, BN_CTX *);

or

 size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
        point_conversion_form_t form,
        unsigned char *buf, size_t len, BN_CTX *ctx);


Matt

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to