Comments (15)
Ephenodrom
commented on August 16, 2024
The ASN1 structure generated by "CryptoUtils.encodeEcPrivateKeyToPem()" looks good so far, compared to a private key generated with OpenSSL. I also tried to generate a CSR using the the generated EC private and public key. It works fine and the CSR was also accepted by the CA DigiCert. Due to the fact that they currently only support "prime256v1", I used this curve.
I would suggest :
- Try prime256v1 instead of secp256k1 => if it works, there is maybe a problem in the curve implementation in the Pointycastle project.
- Provide the PHP or NodeJS code and errors. ( PHP would be better ).
Regards
from dart-basic-utils.
kabaluyot
commented on August 16, 2024
Unfortunately I replicated these errors too. The package won't satisfy this online checker:
https://8gwifi.org/ecsignverify.jsp
With secp256k1 curve and SHA-256 hash algorithm.
from dart-basic-utils.
Ephenodrom
commented on August 16, 2024
@kabaluyot
Kann you please try it again with the current master branch? The public key algorithm was hardcoded set to prime256v1.
from dart-basic-utils.
kabaluyot
commented on August 16, 2024
Yes I already tried this but the main issue as @phpcoinn mentioned was the wrong PEM generated especially for private key for secp256k1. Using this online tool, it doesnt match https://8gwifi.org/ecsignverify.jsp or you can use node crypto for comparison. @Ephenodrom
from dart-basic-utils.
Ephenodrom
commented on August 16, 2024
@kabaluyot
Please try again with https://8gwifi.org/ecsignverify.jsp and the current master branch. I changed the PEM Header for the public key and now the tool at https://8gwifi.org/ecsignverify.jsp is working for me.
The EC private/public key has the same structure as the one generated with openssl. The only difference were :
- The hardcoded algorithm prime256v1
- The wrong PEM header
from dart-basic-utils.
kabaluyot
commented on August 16, 2024
Hi @Ephenodrom, thanks for the response. Did you happen to check if generated PEM in this package for signatures works well with whats in https://8gwifi.org/ecsignverify.jsp ?
Actually I applied the changes that you added to the PR that I created, but upon checking, looks like the PEM for private key is incorrectly encoded. Hence when trying and verifying signatures generated from Dart to the https://8gwifi.org/ecsignverify.jsp, it wont match.
Also if we can support signature in base64. I got this implementation from #57 (comment) .. What do you think?
/// Convert ECSignature [signature] to base64 string
/// This is mainly used for passing signature as string via request/response use cases
static String ecSignatureToBase64(ECSignature signature) {
var rUint8ListV2 = MathUtils.encodeBigInt(signature.r);
var sUint8ListV2 = MathUtils.encodeBigInt(signature.s);
var bbV2 = BytesBuilder();
bbV2.add(rUint8ListV2);
bbV2.add(sUint8ListV2);
return base64.encode(bbV2.toBytes());
}from dart-basic-utils.
Ephenodrom
commented on August 16, 2024
@kabaluyot
As I sad, with the latest commit, I was able to generate a EC keypair that can be used within the tool https://8gwifi.org/ecsignverify.jsp.
This included :
- Generate a signature of a message with the private key
- Verify the signature with the public key
According the ecSignatureToBase64() method. This looks good, so please implement it and do not forget to add some unit tests. You can use the results from https://8gwifi.org/ecsignverify.jsp for the unit test to verify it.
from dart-basic-utils.
kabaluyot
commented on August 16, 2024
So I tried implementing ecSignatureToBase64() with the latest master. Here are the steps I took:
- Generate key pairs and encode to PEM (from Dart)
// generate key pairs
var ec = CryptoUtils.generateEcKeyPair(curve: "secp256k1");
var privKey = ec.privateKey as ECPrivateKey;
var pubKey = ec.publicKey as ECPublicKey;
// convert to pem
var privKeyPem = CryptoUtils.encodeEcPrivateKeyToPem(privKey);
var pubKeyPem = CryptoUtils.encodeEcPublicKeyToPem(pubKey);
print('PrivKey PEM:\n$privKeyPem');
print('PubKey PEM:\n$pubKeyPem');
// convert pem to base64
var pubKeyBase64 = base64Encode(pubKeyPem.codeUnits);
print('PubKey base64: $pubKeyBase64');
// decode keys from pem
var decodedPrivKey = CryptoUtils.ecPrivateKeyFromPem(privKeyPem);
var decodedPubKey = CryptoUtils.ecPublicKeyFromPem(pubKeyPem);
// sign message
var message = Uint8List.fromList("Hello world!".codeUnits);
var signature = CryptoUtils.ecSign(decodedPrivKey, message,
algorithmName: 'SHA-256/ECDSA'); // can be SHA-256/ECDSA or other
var encodedSignature = CryptoUtils.ecSignatureToBase64(signature);
print('Signature in base64: $encodedSignature');
// verify message using ECSignature
var isVerifiedByECSignature = CryptoUtils.ecVerify(
decodedPubKey, message, signature,
algorithm: 'SHA-256/ECDSA');
print('ECSignature verification result: $isVerifiedByECSignature');With the ff PEM pairs and result:
PrivKey PEM:
-----BEGIN EC PRIVATE KEY-----
MHUCAQEEIQCNeTXcKDOh232Nh4/wXDYbAN4a/7zZt4kcIjTd+Fy5aKAHBgUrgQQA
CqFEA0IABHm+Zn753LusVaBilc6HCwcCm/zbLc4o2VnygVsW+BeYSDradyajxGVd
pPv8DhEIqP0XtEimhVQZnEfQj/sQ1Lg=
-----END EC PRIVATE KEY-----
PubKey PEM:
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1xolif+76OIrvhEf8yL5m93ulxbha4M
aovLQr38tZ5yEOkM9acw+NOf9mkrfspYDFoRs5vjON4Cbjsn3DlIfg==
-----END PUBLIC KEY-----
PubKey base64: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUVMMXhvbGlmKzc2T0lydmhFZjh5TDVtOTN1bHhiaGE0TQphb3ZMUXIzOHRaNXlFT2tNOWFjdytOT2Y5bWtyZnNwWURGb1JzNXZqT040Q2Jqc24zRGxJZmc9PQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0=
Signature in base64: LgDzj/gbIreZhLWSkRUgrXuL3YiaEd+vAKFjdPtYqT3dKokDxLGL04z7xfog5qLpWOTxH34/0jC2eUN6caXpKQ==
ECSignature verification result: true- Copy PEM pairs to https://8gwifi.org/ecsignverify.jsp and try to verify the message and signature result. Notice that in step 1, the ECSignature verification indeed returns
true
I always get this error
from dart-basic-utils.
kabaluyot
commented on August 16, 2024
from dart-basic-utils.
Ephenodrom
commented on August 16, 2024
@kabaluyot
Please take a look at my commits. I found out that the signature is indeed an ASN1 structure, so I made some changees to the ecSignatureToBase64() method. I also added a ecSignatureFromBase64() method. It should work now as expected.
from dart-basic-utils.
Ephenodrom
commented on August 16, 2024
@kabaluyot
I think with the current commits we can close this issue and #57. Can you confirm this ? After that you can complete your PR and then I will merge and upload a new version on pub.dev.
from dart-basic-utils.
kabaluyot
commented on August 16, 2024
Ok will verify the commits you pushed in master
from dart-basic-utils.
kabaluyot
commented on August 16, 2024
@Ephenodrom I can confirm now that the signature is verified correctly with external tool:
from dart-basic-utils.
kabaluyot
commented on August 16, 2024
For verify and example, here is the PR: #72
from dart-basic-utils.
Ephenodrom
commented on August 16, 2024
This can be considered as closed and fixed with the upcoming release. The package can now generate a DER encoded valid signature.
from dart-basic-utils.
Related Issues (20)
- BooleanUtils not exported on basic_utils.dart HOT 2
- deactivate SSL for HTTP calls
- X509 Basic Constraints and PolicyInformation HOT 1
- Feature: camelCase to slug
- Support for a custom "Not Before" date for the validity of self signed X.509 certificates HOT 5
- Crypto: Type 'ASN1Sequence' is not a subtype of type 'ASN1Integer'
- CryptoUtils.generateRSAKeyPair takes a lot of time on Web HOT 1
- parsePkcs12 generating an incorrect private key
- Error: 'RC2Parameters' is imported from both HOT 1
- UnsupportedObjectIdentifierException: ObjectIdentifier prime192v1 is not supported yet HOT 1
- No algorithm registered of type ECDomainParameters with name: ansip256k1 HOT 2
- throw exception HOT 1
- nextInt misuse on CryptoUtils HOT 1
- UnsupportedASN1TagException: Tag 175 is not supported yet HOT 1
- Dart 3 Support HOT 2
- Exception (type 'ASN1Object' is not a subtype of type 'ASN1Sequence' in type cast) HOT 5
- generateSelfSignedCertificate in windows certificate invalid HOT 6
- Private key invalid HOT 2
- Non Expiring self-signed cert HOT 1
- Converting ECPrivateKey SEC1 to PCKS8 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dart-basic-utils.