远程提取(r,s)和验证ECDSA签名 [英] Extracting (r,s) and Verifying ECDSA signature remotely
问题描述
我正在尝试使用Java客户端对内容进行签名,然后在服务器(nodejs)上进行验证.我的客户端签名功能使用ECDSA并返回 byte []
.我可以访问服务器上由 publicKey
组成的 x
和 y
坐标值.
I am trying to sign content using a java client and then verifying the same on a server (nodejs). My client signature function uses ECDSA and returns a byte[]
. I have access to the x
and y
coordinate values comprising the publicKey
on the server.
public static byte[] sign(String plainText, PrivateKey privateKey) throws Exception {
java.security.Signature dsa = java.security.Signature.getInstance("SHA1withECDSA");
dsa.initSign(privateKey);
dsa.update(plainText.getBytes(UTF_8));
return dsa.sign();
}
是否可以找到组成签名的 r
和 s
值?如何将从上方获取的 byte []
转换为(r,s)
对或十六进制的 DER编码签名
?在 node
服务器端,我正在使用 椭圆形
用于签名验证.
Is it possible to find the r
and s
values that comprise the signature? How do I convert the byte[]
obtained from above into a (r,s)
pair or a DER-encoded signature
as hex? On the node
server side I am using elliptic
for the signature verification.
编辑:
谢谢戴夫(Dave)的评论,我正在使用此SO答案中指明的方法:
Thank you Dave for the comments, I am using the methods indicated in this SO answer:
public static BigInteger extractR(byte[] signature) throws Exception {
int startR = (signature[1] & 0x80) != 0 ? 3 : 2;
int lengthR = signature[startR + 1];
return new BigInteger(Arrays.copyOfRange(signature, startR + 2, startR + 2 + lengthR));
}
public static BigInteger extractS(byte[] signature) throws Exception {
int startR = (signature[1] & 0x80) != 0 ? 3 : 2;
int lengthR = signature[startR + 1];
int startS = startR + 2 + lengthR;
int lengthS = signature[startS + 1];
return new BigInteger(Arrays.copyOfRange(signature, startS + 2, startS + 2 + lengthS));
}
知道 x
, y
, r
和 s
的值,我正在尝试验证消息这是节点服务器上的测试字符串
.
Knowing the x
,y
, r
and s
values, I am trying to verify the message this is a test string
on the node server.
Message : this is a test string
Curve Parameters: secp256k1
Public Key:
X : 52552626316292256179275635993655485173638967401615704770864787021340356427096
Y : 115577290317206876914379725139810202736866562857077399175416156471449711434272
Signature details:
R : [0, -63, -80, -50, -87, -56, 93, 19, 82, 46, 51, 14, -75, 103, 115, 126, 21, 94, 43, 102, -21, -86, -29, -5, 25, 14, -6, -116, 120, -54, -66, 2, -78]
S : [0, -40, -119, 77, -14, 113, -105, -117, 93, 70, -107, -3, 63, 12, 77, -48, 59, -47, -7, -126, -60, -109, 95, -6, -66, -120, -8, -103, 122, 40, 24, -31, 89]
要使用 elliptic
模块进行验证,我需要以下
For verification using the elliptic
module I have the following
var EC_Instance = new EC();
var signature = {
r : new Buffer([0, -63, ..., 2, -78]),
s : new Buffer([0, -40, ..., -31, 89])
};
var x = "52552626316292256179275635993655485173638967401615704770864787021340356427096";
var y = "115577290317206876914379725139810202736866562857077399175416156471449711434272";
EC_Instance.importPublicKey(x, y); // calls ec.keyFromPublic(pub, 'hex')
var verification_true = EC_Instance.verify("this is a test string", signature);
EC_Instance
是包含以下内容的类的对象:
And EC_Instance
is an object of the class containing the following:
constructor() {
// Require the elliptic library for curve cryptography
var EC = require('elliptic').ec;
var ec = new EC('secp256k1');
this.ec = ec;
}
importPublicKey(x, y) {
var pub = { x: x.toString('hex'), y: y.toString('hex') };
var key = this.ec.keyFromPublic(pub, 'hex');
this.key = key;
return key;
}
verify(message, signature) {
return this.key.verify(message, signature);
}
推荐答案
它可能是哈希函数.SHA-1不应再用于签名操作.
It's probably the hash function. SHA-1 should not be used anymore for signature operations.
我假设对于node.js代码,使用SHA-256哈希方法,尽管几乎无法通过当前文档进行验证(甚至很少提到哈希).
I presume that for the node.js code that the SHA-256 hash method is used, although it is next to impossible to verify this with the current documentation (hashing is hardly even mentioned).
请注意-具有任何签名-哈希是一个配置参数;应该从签名本身来确定它(对于EC,至少在没有实际验证的情况下,它是不能确定的).
Note that - with any signatures - the hash is a configuration parameter; it should (and for EC it cannot, at least without actual verification) be determined from the signature itself.
这篇关于远程提取(r,s)和验证ECDSA签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!