Encoding of EC public keys?

Hi,

I have a question regarding encoding of EC public keys. I've come across certificates (country signing certificates for ePassports) where the public key is encoded with all parameters. When using BC only the public point is encoded and an oid defines which curve is used.

Is there a correct way? I guess the oid way is newer and the other is an old method?

Are both ways OK?

Kind regards,
Tomas

Full encoding:
-----
Subject Public Key Info:
    Public Key Algorithm: id-ecPublicKey
    EC Public Key:
        pub:
            04:97:9a:6e:87:ac:38:c4:93:02:73:a4:9d:07:86:
            1e:aa:9a:d5:26:9d:a0:ac:62:7c:06:03:8a:34:49:
            c0:52:2b:a3:db:4e:95:38:97:73:87:62:e5:ba:22:
            73:3a:22:c9:fe:25:84:5c:78:c9:c1:cf:3e:61:67:
            b6:49:60:86:00
        Field Type: prime-field
        Prime:
            00:a9:fb:57:db:a1:ee:a9:bc:3e:66:0a:90:9d:83:
            8d:72:6e:3b:f6:23:d5:26:20:28:20:13:48:1d:1f:
            6e:53:77
        A:
            7d:5a:09:75:fc:2c:30:57:ee:f6:75:30:41:7a:ff:
            e7:fb:80:55:c1:26:dc:5c:6c:e9:4a:4b:44:f3:30:
            b5:d9
        B:
            26:dc:5c:6c:e9:4a:4b:44:f3:30:b5:d9:bb:d7:7c:
            bf:95:84:16:29:5c:f7:e1:ce:6b:cc:dc:18:ff:8c:
            07:b6
        Generator (uncompressed):
            04:8b:d2:ae:b9:cb:7e:57:cb:2c:4b:48:2f:fc:81:
            b7:af:b9:de:27:e1:e3:bd:23:c2:3a:44:53:bd:9a:
            ce:32:62:54:7e:f8:35:c3:da:c4:fd:97:f8:46:1a:
            14:61:1d:c9:c2:77:45:13:2d:ed:8e:54:5c:1d:54:
            c7:2f:04:69:97
        Order:
            00:a9:fb:57:db:a1:ee:a9:bc:3e:66:0a:90:9d:83:
            8d:71:8c:39:7a:a3:b5:61:a6:f7:90:1e:0e:82:97:
            48:56:a7
        Cofactor: 1 (0x1)
-----

BC encoding (it's not the same curve I know):
-----
Subject Public Key Info:
    Public Key Algorithm: id-ecPublicKey
    EC Public Key:
        pub:
            04:8b:97:62:79:fe:8e:a0:ec:b8:34:bd:27:91:63:
            ef:92:8f:d7:6d:fd:89:74:cc:c7:16:24:bb:73:d1:
            d4:eb:7b:f3:bd:bc:57:05:aa:c4:4b:19:8c:e6:f0:
            b4:63:50:75:99:76:48:a4:54:69:d0:9f:01:5f:f1:
            67:39:f7:e8:a7
        ASN1 OID: prime256v1
-----

Re: Encoding of EC public keys?

Hi,

some more clarifications. I have read up on some standards and realize that IETF mandates the use of namedCurve while BSI-TR-03111 (ICAO) mandates the use of ecParameters.

My problem is that ICAO mandates the 03111 way (ecParameters) for country and document signing certificates used for ePassports.
Both ways seem ok according to standards.

How can I make BC produce certificate requests and certificates with ecParameters instead of namedCurves?

Cheers,
Tomas

PS: I start to not like ECC due to the varying standards. You always sooner or later end up in "special handling" mode, which I don't like as an implementor.

Tomas Gustavsson wrote:
> Hi,
>
> I have a question regarding encoding of EC public keys. I've come
> across certificates (country signing certificates for ePassports) where
> the public key is encoded with all parameters. When using BC only the
> public point is encoded and an oid defines which curve is used.
>
> Is there a correct way? I guess the oid way is newer and the other is an
> old method?
>
> Are both ways OK?

Re: Encoding of EC public keys?

You can do this by either changing the way the KeyPairGenerator is initialised or by rebuilding the public key by hand, replacing the ECNamedCurveSpec with one that is just made up of the corresponding parameters.

Regards,
David

PS. If you're dealing with parameters explicitly you might also need to pay attention to the implications of http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6738532

On Thu, 2009-10-29 at 13:31 +0100, Tomas Gustavsson wrote:
> Hi,
>
> some more clarifications. I have read up on some standards and realize
> that IETF mandates the use of namedCurve while BSI-TR-03111 (ICAO)
> mandates the use of ecParameters.
>
> My problem is that ICAO mandates the 03111 way (ecParameters) for
> country and document signing certificates used for ePassports.
> Both ways seem ok according to standards.
>
> How can I make BC produce certificate requests and certificates with
> ecParameters instead of namedCurves?
>
> Cheers,
> Tomas
>
> PS: I start to not like ECC due to the varying standards. You always
> sooner or later end up in "special handling" mode, which I don't like
> as an implementor.
>
> Tomas Gustavsson wrote:
> > Hi,
> >
> > I have a question regarding encoding of EC public keys. I've come
> > across certificates (country signing certificates for ePassports) where
> > the public key is encoded with all parameters. When using BC only the
> > public point is encoded and an oid defines which curve is used.
> >
> > Is there a correct way? I guess the oid way is newer and the other is an
> > old method?
> >
> > Are both ways OK?
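
The two options named in the last reply (initialising the KeyPairGenerator differently, or rebuilding the public key with a spec made up of the bare parameters), as an added example that is not code from the thread or from the Bouncy Castle project. It assumes a recent Bouncy Castle provider jar on the classpath; the class and method names (ExplicitEcParams, explicitSpec, generate, rebuild, usesNamedCurve) are hypothetical, and prime256v1 is the curve name shown in the dump in the first message.

```java
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X962Parameters;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;

public class ExplicitEcParams { // hypothetical class name
    // Copy a named curve's domain parameters into a spec that carries no curve name.
    static ECParameterSpec explicitSpec(String curveName) {
        ECNamedCurveParameterSpec named = ECNamedCurveTable.getParameterSpec(curveName);
        return new ECParameterSpec(named.getCurve(), named.getG(), named.getN(),
                                   named.getH(), named.getSeed());
    }

    // Option 1: the spec handed to the KeyPairGenerator decides how the key is encoded.
    static KeyPair generate(AlgorithmParameterSpec spec) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDSA", "BC");
        kpg.initialize(spec, new SecureRandom());
        return kpg.generateKeyPair();
    }

    // Option 2: rebuild an existing public key around the same point Q and the nameless spec.
    static PublicKey rebuild(PublicKey key, ECParameterSpec explicit) throws GeneralSecurityException {
        ECPublicKeySpec spec = new ECPublicKeySpec(((ECPublicKey) key).getQ(), explicit);
        return KeyFactory.getInstance("ECDSA", "BC").generatePublic(spec);
    }

    // True when the SubjectPublicKeyInfo parameters are a curve OID rather than ecParameters.
    static boolean usesNamedCurve(PublicKey key) {
        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(key.getEncoded());
        return X962Parameters.getInstance(spki.getAlgorithm().getParameters()).isNamedCurve();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        String curve = "prime256v1"; // curve name taken from the dump in the first message
        KeyPair named = generate(ECNamedCurveTable.getParameterSpec(curve));
        KeyPair explicit = generate(explicitSpec(curve));
        PublicKey rebuilt = rebuild(named.getPublic(), explicitSpec(curve));
        System.out.println("named spec, namedCurve encoding:    " + usesNamedCurve(named.getPublic()));
        System.out.println("explicit spec, namedCurve encoding: " + usesNamedCurve(explicit.getPublic()));
        System.out.println("rebuilt key, namedCurve encoding:   " + usesNamedCurve(rebuilt));
    }
}
```

A relying party that accepts ecParameters should compare the received field, coefficients, generator, order and cofactor against the curve it expects rather than using whatever the certificate carries.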