OpenSSL在C中使用RAW EC生成的密钥进行签名和验证 [英] OpenSSL Sign and Verify in C with RAW EC generated Keys

问题描述

我将EC私钥生成为随机数，将EC公钥生成为随机数生成器的乘法。

I generate my EC private key as random number and my EC public key as the multiplication of the generator for the random number.

现在，我将使用这些密钥签名并验证消息，但是有关验证的操作失败。您是否有解决此问题的提示？

Now I would to use these keys to sign and verify a message, but the operation about the verification fails. Do you have any hint to solve this problem?

我出于某些限制使用OpenSSL 1.0.0。我不能切换新的。

I'm using OpenSSL 1.0.0 for some constraints. I cannot switch the new one.

#include <openssl/ec.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <stdio.h>
#include <string.h>

int main()
{
    BN_CTX *ctx;
    EC_GROUP *curve;
    BIGNUM *q = NULL;

    EVP_MD_CTX *hashctx;
    unsigned int ol;
    unsigned char fh[EVP_MAX_MD_SIZE];

    BIGNUM *priv = NULL;
    EC_POINT *G, *pub;

    EC_KEY *keypriv = EC_KEY_new();
    EC_KEY *keypub = EC_KEY_new();

    unsigned char *s1 = "hello";

    // makes all algorithms available to the EVP* routines
    OpenSSL_add_all_algorithms();

    // load the error strings for ERR_error_string
    ERR_load_crypto_strings();
    hashctx = EVP_MD_CTX_new();

    const EVP_MD *hashptr = EVP_get_digestbyname("SHA256");

    EVP_DigestInit_ex(hashctx, hashptr, NULL);
    EVP_DigestUpdate(hashctx, s1, strlen(s1));
    EVP_DigestFinal_ex(hashctx, fh, &ol);

    // seed PRNG
    if (RAND_load_file("/dev/urandom", 256) < 64)
    {
        printf("Can't seed PRNG!\n");
        abort();
    }

    ctx = BN_CTX_new();
    q   = BN_new();

    // read the generator and order of the curve
    curve   = EC_GROUP_new_by_curve_name(NID_secp160r1);
    G       = EC_GROUP_get0_generator(curve);
    EC_GROUP_get_order(curve, q, ctx);

    // precompute multiples of g (faster multiplications)
    EC_GROUP_precompute_mult(curve, ctx);

    EC_KEY_set_group(keypriv, curve);

    pub     = EC_POINT_new(curve);
    priv    = BN_new();
    BN_rand_range(priv, q);
    EC_POINT_mul(curve, pub, NULL, G, priv, ctx);


    EC_KEY_set_private_key(keypriv, priv);
    EC_KEY_set_public_key(keypub, pub);


    ECDSA_SIG *signature = ECDSA_do_sign(fh, 64, keypriv);
    if (NULL == signature)
    {
        printf("Failed to generate EC Signature\n");
    }
    else
    {
        int verify_status = ECDSA_do_verify(fh, 64, signature, keypub);
        const int verify_success = 1;
        if (verify_success != verify_status)
        {
            printf("Failed to verify EC Signature\n");
        }
        else
        {
            printf("Verifed EC Signature\n");
        }
        ECDSA_SIG_free(signature);
    }

    return 0;
}

推荐答案

我只是通过设置我的代码中的公钥的EC组为：

I solved just by setting the EC Group for the public key in my code as:

EC_KEY_set_group(keypub, curve);

顺便说一句，我希望这个问题也可以回答已接受的第一条评论。答案：

By the way, I hope that this Q/A can answer also for the first comment in the accepted answer:

如何仅使用eckey的公开部分进行验证？

How do you verify with just the public part of the eckey?

在OpenSSL中使用ECDSA签名消息

这篇关于OpenSSL在C中使用RAW EC生成的密钥进行签名和验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！