Trying to do a simple ECDSA encryption using the OpenSSL library
with the code below:
====beginning of code
require 'openssl'
data = "This is a message to sign"
key = OpenSSL::PKey::EC.new("secp160r1")
key.generate_key
sig = key.dsa_sign_asn1(data)
puts "signature verification result = " + key.dsa_verify_asn1(data, sig)
===== End of code
It fails with the following message:
sample.rb:7: invalid multibyte char (US-ASCII)
sample.rb:7: invalid multibyte char (US-ASCII)
rdoc does not give information about usage.
Can anyone help?
@Martin,
you are right. It now works just fine with the modification of the last
line as you suggested. Thank you.
But this is only the first part of the problem.
An HSM (Hardware Security Module) gives me a public key point (X,Y) for
signed message verification.
The code would look like this:
=============
# data: being a known message
# sig: being the signature of the message
# ec_point: being the public_key
# curve: string name of the EC curve
#
key = OpenSSL::PKey::EC.new(curve) #set the public key
key.public_key=ec_point
# then we verify message signature with
key.dsa_verify_asn1(data, sig)
The problem is I can't figure out how to generate either a proper
OpenSSL::PKey::EC::Point or a suitable OpenSSL::PKey::EC, using the
public key point coordinates received by the HSM, since there is no Ruby
method equivalent for "EC_POINT_set_affine_coordinates_GFp(...)".
Could anyone help?
I am still upset with the ECDSA problems.
Here is another one:
The attached code tends to show that ECDSA message signature (using
secp160r1 curve) is only accurate for messages of length below 21
characters. All trailing chars are ignored, so if a message of 20
characters is tampered with additional data, signature verification of
this new message will still succeed.
Any comment on that?
I finally found out how to generate an OpenSSL::PKey::EC::Point public key
using (x,y) public key point coordinates.
Demonstrated in the attached file.
Hope that helps
> I am still upset with the ECDSA problems.
> Here is another one:
> The attached code tends to show that ECDSA message signature (using
> secp160r1 curve) is only accurate for messages of length below 21
> characters. All trailing chars are ignored, so if a message of 20
> characters is tampered with additional data, signature verification of
> this new message will still succeed.
> Any comment on that?
Could you please open an issue on Redmine for this (and assign it to me)?
I'll have a look then, see what's wrong.
Thanks for sharing your solution. If I understand correctly, your concern
is that there's no apparent way how to read/serialize points using the
(compressed) "OctetString" representation? If so, I have more or less
good news, I stumbled over this the other day, too, and we have plans to
add this in Bug #6234 (Incomplete code in ossl_pkey_ec.c). Would this help you
in your situation, too?
-Martin
On 4 April 2012 at 16:19, Henri S. <lists@ruby-forum.com> wrote:
> I finally found out how to generate an OpenSSL::PKey::EC::Point public key
> using (x,y) public key point coordinates.
> Demonstrated in the attached file
> Hope that helps
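
An added example, not part of the thread and not the attached code, for the truncation reported above: `dsa_sign_asn1` treats its argument as an already-computed digest, and ECDSA uses only as many leading bits of it as the group order has, so a raw message longer than that shares its signature with any message that keeps the same leading bits. The helper names are hypothetical and the sample messages are constructed; the code generalizes to any named curve, with the thread's secp160r1 as the default.

```ruby
require 'openssl'

# Bytes of input ECDSA can consume: the bit length of the group order,
# rounded up to whole bytes. Everything after that is dropped before signing.
def input_bytes_used(curve)
  (OpenSSL::PKey::EC::Group.new(curve).order.num_bits + 7) / 8
end

# Weak form, as in the thread: the message itself is passed as the "digest".
# Returns true when a message with appended data still verifies against the
# signature of the original message.
def raw_signature_accepts_suffix?(curve = "secp160r1")
  key = OpenSSL::PKey::EC.generate(curve)
  msg = "A" * input_bytes_used(curve)            # constructed sample message
  sig = key.dsa_sign_asn1(msg)
  key.dsa_verify_asn1(msg + " plus appended data", sig)
end

# Corrected form: hash the message first, so every byte of it influences
# the value that is actually signed and verified.
def hashed_signature_accepts_suffix?(curve = "secp160r1")
  key = OpenSSL::PKey::EC.generate(curve)
  msg = "A" * input_bytes_used(curve)            # constructed sample message
  sig = key.dsa_sign_asn1(OpenSSL::Digest::SHA256.digest(msg))
  tampered = OpenSSL::Digest::SHA256.digest(msg + " plus appended data")
  key.dsa_verify_asn1(tampered, sig)
end
```

Both helpers accept any curve name the local OpenSSL build supports; the verifier must hash with the same digest the signer used.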