ECDSA encryption with OpenSSL

Trying to do a simple ECDSA encryption using openSSL library
with the code below:

====beginning of code
require ‘openssl’

data = “This is a message to sign”
key = OpenSSL::PKey::EC.new(“secp160r1”)
key.generate_key
sig = key.dsa_sign_asn1(data)
puts "signature verification result = " + key.dsa_verify_asn1(data, sig)
===== End of code

if fails with the following message:
sample.rb:7: invalid multibyte char (US-ASCII)
sample.rb:7: invalid multibyte char (US-ASCII)

rdoc does not give information about usage
Can anyone help ?

Henry_s

I tried the same code on my mac and it just ended OK.
I am now trying to find the difference between the mac and the ubuntu

Am 29. Mrz 2012 23:16 schrieb Henri S. [email protected]:

I tried the same code on my mac and it just ended OK.
I am now trying to find the difference between the mac and the ubuntu

Are you sure that’s the exact code you tried?

The last line doesn’t work, because of “string + boolean”, so it should
rather be something like

puts “signature verification result = #{key.dsa_verify_asn1(data, sig)}”

instead. In that case, I have no problems on a Fedora box - does that
help?

-Martin

I am still upset with the ECDSA problems.
Here is another one:
The attached code tends to show that ECDSA message signature (using
secp160r1 curve is only accurate for messages of length below 21
characters. All trailing chars are ignored, so if a message of 20
characters is tampered with additional data, signature verification of
this new message will still succeed.
Any comment on that ?

@Martin,
you are right. It now works just fine with the modification of the last
line as you suggested. Thank you.

But this is only the first part of the problem.
A HSM (Harware Security Module) gives me a public key point (X,Y) for
signed messages verification

The code would look like this:

data: being a known message

sig: being the signature of the message

ec_point: being the public_key

curve: string name if the EC curve

key = OpenSSL::PKey::EC.new(curve)
#set the public key
key.public_key=ec_point

then we verify message signature with

key.dsa_verify_asn1(data, sig)

the problem is I can’t figure out how to generate either a proper
OpenSSL::PKey::EC::Point or a suitable OpenSSL::PKey::EC , using the
public key point coordinates received by the HSM. since there is no ruby
method equivalent for "EC_POINT_set_affine_coordinates_GFp(…) "
Could anyone help ?

I am still upset with the ECDSA problems.
Here is another one:
The attached code tends to show that ECDSA message signature (using
secp160r1 curve is only accurate for messages of length below 21
characters. All trailing chars are ignored, so if a message of 20
characters is tampered with additional data, signature verification of
this new message will still succeed.
Any comment on that ?

Could you please open an issue on Redmine for this (and assign it to
me)?
I’ll have a look then, see what’s wrong.

Regards,
Martin

I finally found out how to generate an OpenSSL::PKey:EC:Point public key
using (x,y) public key point coordinates.
Demonstrated in the attached file
Hope that helps

Am 4. April 2012 16:19 schrieb Henri S. [email protected]:

I finally found out how to generate an OpenSSL::PKey:EC:Point public key
using (x,y) public key point coordinates.
Demonstrated in the attached file
Hope that helps

Attachments:
http://www.ruby-forum.com/attachment/7226/my_ecc.rb

Thanks for sharing your solution. If I understand correctly, your
concern
is that there’s no apparent way how to read/serialize points using the
(compressed) “OctetString” representation? If so, I have more or less
good news, I stumbled over this the other day, too, and we have plans to
add this in Bug #6234: Incomplete code in ossl_pkey_ec.c - Ruby master - Ruby Issue Tracking System. Would this help you
in your situation, too?

-Martin

Oh yes!
That would definetely solve my problem.
Thanks

-Henri