Trying to do a simple ECDSA encryption using openSSL library
with the code below:
====beginning of code
require ‘openssl’
data = “This is a message to sign”
key = OpenSSL::PKey::EC.new(“secp160r1”)
key.generate_key
sig = key.dsa_sign_asn1(data)
puts "signature verification result = " + key.dsa_verify_asn1(data, sig)
===== End of code
if fails with the following message:
sample.rb:7: invalid multibyte char (US-ASCII)
sample.rb:7: invalid multibyte char (US-ASCII)
rdoc does not give information about usage
Can anyone help ?
Henry_s
I tried the same code on my mac and it just ended OK.
I am now trying to find the difference between the mac and the ubuntu
Am 29. Mrz 2012 23:16 schrieb Henri S. [email protected]:
I tried the same code on my mac and it just ended OK.
I am now trying to find the difference between the mac and the ubuntu
Are you sure that’s the exact code you tried?
The last line doesn’t work, because of “string + boolean”, so it should
rather be something like
puts “signature verification result = #{key.dsa_verify_asn1(data, sig)}”
instead. In that case, I have no problems on a Fedora box - does that
help?
-Martin
I am still upset with the ECDSA problems.
Here is another one:
The attached code tends to show that ECDSA message signature (using
secp160r1 curve is only accurate for messages of length below 21
characters. All trailing chars are ignored, so if a message of 20
characters is tampered with additional data, signature verification of
this new message will still succeed.
Any comment on that ?
@Martin,
you are right. It now works just fine with the modification of the last
line as you suggested. Thank you.
But this is only the first part of the problem.
A HSM (Harware Security Module) gives me a public key point (X,Y) for
signed messages verification
The code would look like this:
data: being a known message
sig: being the signature of the message
ec_point: being the public_key
curve: string name if the EC curve
key = OpenSSL::PKey::EC.new(curve)
#set the public key
key.public_key=ec_point
then we verify message signature with
key.dsa_verify_asn1(data, sig)
the problem is I can’t figure out how to generate either a proper
OpenSSL::PKey::EC::Point or a suitable OpenSSL::PKey::EC , using the
public key point coordinates received by the HSM. since there is no ruby
method equivalent for "EC_POINT_set_affine_coordinates_GFp(…) "
Could anyone help ?
I am still upset with the ECDSA problems.
Here is another one:
The attached code tends to show that ECDSA message signature (using
secp160r1 curve is only accurate for messages of length below 21
characters. All trailing chars are ignored, so if a message of 20
characters is tampered with additional data, signature verification of
this new message will still succeed.
Any comment on that ?
Could you please open an issue on Redmine for this (and assign it to
me)?
I’ll have a look then, see what’s wrong.
Regards,
Martin
I finally found out how to generate an OpenSSL::PKey:EC:Point public key
using (x,y) public key point coordinates.
Demonstrated in the attached file
Hope that helps
Am 4. April 2012 16:19 schrieb Henri S. [email protected]:
I finally found out how to generate an OpenSSL::PKey:EC:Point public key
using (x,y) public key point coordinates.
Demonstrated in the attached file
Hope that helps
Attachments:
http://www.ruby-forum.com/attachment/7226/my_ecc.rb
Thanks for sharing your solution. If I understand correctly, your
concern
is that there’s no apparent way how to read/serialize points using the
(compressed) “OctetString” representation? If so, I have more or less
good news, I stumbled over this the other day, too, and we have plans to
add this in Bug #6234: Incomplete code in ossl_pkey_ec.c - Ruby master - Ruby Issue Tracking System. Would this help you
in your situation, too?
-Martin
Oh yes!
That would definetely solve my problem.
Thanks
-Henri