<p>I'm guessing that each time you run your program, you get a different signature value for the same plaintext (to-be-signed) input.</p>
<p>ECDSA specifies that a random ephemeral ECDSA private key be generated per signature. To that end, <code>Signature.getInstance("SHA256withECDSA")</code> doesn't let you specify an ephemeral key (this is a good thing, to prevent many a self shot in the foot!). Instead, it gets its own SecureRandom instance that will make your output nondeterministic.</p>
<p>This probably means you can't use JCE (<code>Signature.getInstance()</code>) for test vector validation.</p>
<p>What you could do is extend <code>SecureRandom</code> in a way that it returns deterministic data. Obviously you shouldn't use this in a real deployment:</p>
<pre><code>import java.security.SecureRandom;

// Test-only SecureRandom that replays a fixed byte sequence.
public class FixedSecureRandom extends SecureRandom {
    private static boolean debug = false;
    private static final long serialVersionUID = 1L;

    private int nextBytesIndex = 0;
    private byte[] nextBytesValues = null;

    public FixedSecureRandom() {
    }

    // Set the bytes that nextBytes() will hand out.
    public void setBytes(byte[] values) {
        this.nextBytesValues = values;
    }

    @Override
    public void nextBytes(byte[] b) {
        if (nextBytesValues == null || nextBytesValues.length == 0) {
            // Nothing configured: behave like a normal SecureRandom.
            super.nextBytes(b);
        } else {
            // Copy the configured bytes, wrapping around at the end.
            for (int i = 0; i &lt; b.length; i++) {
                b[i] = nextBytesValues[nextBytesIndex];
                nextBytesIndex = (nextBytesIndex + 1) % nextBytesValues.length;
            }
        }
    }
}
</code></pre>
<p>Phew. Ok now you have a SecureRandom class that returns you some number of known bytes, then falls back to a real SecureRandom after that. I'll say it again (excuse the shouting) - DO NOT USE THIS IN PRODUCTION!</p>
<p>Next you'll need to use an ECDSA implementation that lets you specify your own SecureRandom. You can use BouncyCastle's <code>ECDSASigner</code> for this purpose. Except here you're going to give it your own bootlegged FixedSecureRandom, so that when it calls <code>secureRandom.getBytes()</code>, it gets the bytes you want it to. This lets you control the ephemeral key to match that specified in the test vectors. You may need to massage the actual bytes (e.g. add zero pre-padding) to match what <code>ECDSASigner</code> is going to request.</p>
<pre><code>ECPrivateKeyParameters ecPriv = ...; // this is the user's EC private key (not ephemeral)

// tempKeyK holds the ephemeral key bytes from the test vector
FixedSecureRandom fsr_k = new FixedSecureRandom();
fsr_k.setBytes(tempKeyK);

ECDSASigner signer = new ECDSASigner();
ParametersWithRandom ecdsaprivrand = new ParametersWithRandom(ecPriv, fsr_k);
signer.init(true, ecdsaprivrand); // true = initialise for signing
</code></pre>
<p>Note that BC's <code>ECDSASigner</code> implements only the EC signature part, not the hashing. You'll still need to do your own hashing (assuming your input data is in <code>data</code>):</p>
<pre><code>// SHA-256 over the to-be-signed data
Digest md = new SHA256Digest();
md.reset();
md.update(data, 0, data.length);
byte[] hash = new byte[md.getDigestSize()];
md.doFinal(hash, 0);
</code></pre>
<p>before you create the ECDSA signature:</p>
<pre><code>BigInteger[] sig = signer.generateSignature(hash);
</code></pre>
<p>Finally, this <code>BigInteger[]</code> (should be length==2) are the (r,s) values. You'll need to ASN.1 DER-encode it, which should give you the <strike>droids</strike> bytes you're looking for.</p>
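The final DER-encoding step from the answer above, as an added example that is not part of the original answer: it encodes (r, s) as an ASN.1 `SEQUENCE` of two `INTEGER`s and checks that JCE's `SHA256withECDSA` verifier accepts the result. The class and helper names are assumptions, and r and s are taken here from the JDK's `SHA256withECDSAinP1363Format` output (Java 9+) as a stand-in for the `BigInteger[]` returned by `ECDSASigner`, so the example runs without BouncyCastle.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

public class EcdsaDerExample {   // hypothetical class name
    // DER length octets: short form below 128, long form above
    // (a P-521 signature body is longer than 127 bytes).
    static void writeLen(ByteArrayOutputStream out, int len) {
        if (len < 0x80) { out.write(len); }
        else if (len < 0x100) { out.write(0x81); out.write(len); }
        else { out.write(0x82); out.write(len >> 8); out.write(len & 0xff); }
    }

    static void writeInt(ByteArrayOutputStream out, BigInteger v) {
        // toByteArray() is minimal two's complement: it adds the leading 0x00
        // when the top bit is set, which is exactly the DER INTEGER content.
        byte[] b = v.toByteArray();
        out.write(0x02); writeLen(out, b.length); out.write(b, 0, b.length);
    }

    static byte[] encode(BigInteger r, BigInteger s) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        writeInt(body, r);
        writeInt(body, s);
        ByteArrayOutputStream seq = new ByteArrayOutputStream();
        seq.write(0x30); writeLen(seq, body.size());
        seq.write(body.toByteArray(), 0, body.size());
        return seq.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        // Raw r||s signature, standing in for ECDSASigner's BigInteger[] output.
        Signature raw = Signature.getInstance("SHA256withECDSAinP1363Format");
        raw.initSign(kp.getPrivate()); raw.update(data);
        byte[] rs = raw.sign();
        BigInteger r = new BigInteger(1, Arrays.copyOfRange(rs, 0, rs.length / 2));
        BigInteger s = new BigInteger(1, Arrays.copyOfRange(rs, rs.length / 2, rs.length));
        // The default JCE verifier expects the DER form produced by encode().
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(kp.getPublic()); v.update(data);
        System.out.println("JCE accepts encoding: " + v.verify(encode(r, s)));
    }
}
```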