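Summary
This post records testing the elliptic-curve signature algorithm ECDSA with OpenSSL commands. The steps are: generate a secp256r1 public/private key pair, sign the input data with the private key using OpenSSL and secp256r1, and verify the resulting signature against the input data with the public key using OpenSSL.
Problems and Solutions
Terms: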
– Elliptic Curve Digital Signature Algorithm (ECDSA)
– DER (Distinguished Encoding Rules)
Generating the secp256r1 public and private keys
C:\ECDSA_OPenssl_Test>openssl ecparam -name secp256r1 -genkey -noout -out ec-secp256r1-priv-key25Mar2024.pem
using curve name prime256v1 instead of secp256r1
C:\ECDSA_OPenssl_Test>
This produces a private key in PEM format:
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEmZBPmaZyg3sPqq9kdKxJq+hFp2POf2fAq0nixBw0HkoAoGCCqGSM49
AwEHoUQDQgAEJuCW8qPsUMEk8NQTaoRUmeOsmsyv4vxlvkFfUw6XZhLXC6TE00c5
VOFefxmSphY7BOy8pYE7Zdu1IjphJ+bO+A==
-----END EC PRIVATE KEY-----
Converted from Base64 to hex:
30770201010420499904f99a672837b0faaaf6474ac49abe845a763ce7f67c0ab49e2c41c341e4a00a06082a8648ce3d030107a1440342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8
Inspect the private key:
C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-priv-key25Mar2024.pem -noout -text
read EC key
Private-Key: (256 bit)
priv:
49:99:04:f9:9a:67:28:37:b0:fa:aa:f6:47:4a:c4:
9a:be:84:5a:76:3c:e7:f6:7c:0a:b4:9e:2c:41:c3:
41:e4
pub:
04:26:e0:96:f2:a3:ec:50:c1:24:f0:d4:13:6a:84:
54:99:e3:ac:9a:cc:af:e2:fc:65:be:41:5f:53:0e:
97:66:12:d7:0b:a4:c4:d3:47:39:54:e1:5e:7f:19:
92:a6:16:3b:04:ec:bc:a5:81:3b:65:db:b5:22:3a:
61:27:e6:ce:f8
ASN1 OID: prime256v1
NIST CURVE: P-256
The output above shows that the raw private key value is 499904f99a672837b0faaaf6474ac49abe845a763ce7f67c0ab49e2c41c341e4
The public key can be derived from the private key:
C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-priv-key25Mar2024.pem -pubout > ec-secp256r1-pub-key25Mar2024.pem
read EC key
writing EC key
The public key in PEM format is:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJuCW8qPsUMEk8NQTaoRUmeOsmsyv
4vxlvkFfUw6XZhLXC6TE00c5VOFefxmSphY7BOy8pYE7Zdu1IjphJ+bO+A==
-----END PUBLIC KEY-----
Converted from Base64 to hex:
3059301306072a8648ce3d020106082a8648ce3d0301070342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8
Inspect the public key:
C:\ECDSA_OPenssl_Test>openssl ec -pubin -in ec-secp256r1-pub-key25Mar2024.pem -noout -text
read EC key
Public-Key: (256 bit)
pub:
04:26:e0:96:f2:a3:ec:50:c1:24:f0:d4:13:6a:84:
54:99:e3:ac:9a:cc:af:e2:fc:65:be:41:5f:53:0e:
97:66:12:d7:0b:a4:c4:d3:47:39:54:e1:5e:7f:19:
92:a6:16:3b:04:ec:bc:a5:81:3b:65:db:b5:22:3a:
61:27:e6:ce:f8
ASN1 OID: prime256v1
NIST CURVE: P-256
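The raw public key value here (X followed by Y, without the leading 04 byte) is: 26e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8
DER format
DER format is also commonly used in cryptographic operations, for example in code or when working with openssl commands.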
DER (Distinguished Encoding Rules) is a binary encoding for X.509 certificates and private keys.
The following converts the public key from PEM format to DER format:
C:\ECDSA_OPenssl_Test>openssl ec -pubin -in ec-secp256r1-pub-key25Mar2024.pem -pubout -outform DER -out ec-secp256r1-pub-key25Mar2024.der
read EC key
writing EC key
The contents after conversion to DER:
[john@localhost ~]$ xxd ec-secp256r1-pub-key25Mar2024.der
0000000: 3059 3013 0607 2a86 48ce 3d02 0106 082a 0Y0...*.H.=....*
0000010: 8648 ce3d 0301 0703 4200 0426 e096 f2a3 .H.=....B..&....
0000020: ec50 c124 f0d4 136a 8454 99e3 ac9a ccaf .P.$...j.T......
0000030: e2fc 65be 415f 530e 9766 12d7 0ba4 c4d3 ..e.A_S..f......
0000040: 4739 54e1 5e7f 1992 a616 3b04 ecbc a581 G9T.^.....;.....
0000050: 3b65 dbb5 223a 6127 e6ce f8 ;e..":a'...
[john@localhost ~]$ xxd -p ec-secp256r1-pub-key25Mar2024.der
3059301306072a8648ce3d020106082a8648ce3d0301070342000426e096
f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d7
0ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6ce
f8
[john@localhost ~]$
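Comparing this with the PEM form above shows that DER is the binary form of the same data: the PEM body is its Base64 encoding, and converting that Base64 to hex gives exactly the bytes stored in the DER file.
The detailed structure can be viewed here: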
ECC home: Distinguished Encoding Rules (DER) format
The result is as follows:
DER string: 3059301306072a8648ce3d020106082a8648ce3d0301070342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8
==Sequence==
--->Sequence (30)
--->Obj ID tag (06 - Object ID)
ID algorithm: 1.2.840.10045.2.1 ECC (ecPublicKey)
--->Obj ID tag (06 - Object ID)
ID algorithm: 1.2.840.10045.3.1.7 secp256r1
--->Obj ID tag (03)
Bit value: b'0426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8'
Public key: (17584703792196710961322654698934966890779020245800324948422167181519104730642,97267834955915449518105771015666399636648946309220827714919462956391446531832
Now checking key if ECC - 256
EccKey(curve='NIST P-256', point_x=17584703792196710961322654698934966890779020245800324948422167181519104730642, point_y=97267834955915449518105771015666399636648946309220827714919462956391446531832)
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJuCW8qPsUMEk8NQTaoRUmeOsmsyv
4vxlvkFfUw6XZhLXC6TE00c5VOFefxmSphY7BOy8pYE7Zdu1IjphJ+bO+A==
-----END PUBLIC KEY-----
The same operation can be applied to the PEM private key:
C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-priv-key25Mar2024.pem -outform DER -out ec-secp256r1-priv-key25Mar2024.der
read EC key
writing EC key
The contents are as follows:
[john@localhost ~]$ xxd ec-secp256r1-priv-key25Mar2024.der
0000000: 3077 0201 0104 2049 9904 f99a 6728 37b0 0w.... I....g(7.
0000010: faaa f647 4ac4 9abe 845a 763c e7f6 7c0a ...GJ....Zv<..|.
0000020: b49e 2c41 c341 e4a0 0a06 082a 8648 ce3d ..,A.A.....*.H.=
0000030: 0301 07a1 4403 4200 0426 e096 f2a3 ec50 ....D.B..&.....P
0000040: c124 f0d4 136a 8454 99e3 ac9a ccaf e2fc .$...j.T........
0000050: 65be 415f 530e 9766 12d7 0ba4 c4d3 4739 e.A_S..f......G9
0000060: 54e1 5e7f 1992 a616 3b04 ecbc a581 3b65 T.^.....;.....;e
0000070: dbb5 223a 6127 e6ce f8 ..":a'...
[john@localhost ~]$ xxd -p ec-secp256r1-priv-key25Mar2024.der
30770201010420499904f99a672837b0faaaf6474ac49abe845a763ce7f6
7c0ab49e2c41c341e4a00a06082a8648ce3d030107a1440342000426e096
f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d7
0ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6ce
f8
[john@localhost ~]$
Viewing it in ECC home: Distinguished Encoding Rules (DER) format gives the following result:
DER string: 30770201010420499904f99a672837b0faaaf6474ac49abe845a763ce7f67c0ab49e2c41c341e4a00a06082a8648ce3d030107a1440342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8
==Sequence==
Integer (02): 0x1
--->Sequence (A0)
--->Obj ID tag (06 - Object ID)
ID algorithm: 1.2.840.10045.3.1.7 secp256r1
--->Sequence (A1)
Bit value: b'0426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8'
This again confirms that the raw public key value is: 26e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8
Generating a signature with OpenSSL and secp256r1
Suppose the original data is: 9702021300197653695F01011D1C27CD01015501C328497412CA97A61476414CF795B9CB8AF68B72F5C2C5BCCC074E5658BE6190B9DBCB4E7CA9AE24A0856E8F9B0F952DBF6609F8
The data is normally hashed with SHA-256 first, which gives the following result (Sha256 online tool: SHA256 can be used): 5fc6e719bb7a887e32f0c1fc273121a7cc036bb8d3ffa9499821743235a73391
Convert the original value into a binary file:
[john@localhost ~]$ cat InputData.txt
9702021300197653695F01011D1C27CD01015501C328497412CA97A61476414CF795B9CB8AF68B72F5C2C5BCCC074E5658BE6190B9DBCB4E7CA9AE24A0856E8F9B0F952DBF6609F8
[john@localhost ~]$ xxd -r -p InputData.txt InputData.bin
[john@localhost ~]$ xxd -p InputData.bin
9702021300197653695f01011d1c27cd01015501c328497412ca97a61476
414cf795b9cb8af68b72f5c2c5bccc074e5658be6190b9dbcb4e7ca9ae24
a0856e8f9b0f952dbf6609f8
[john@localhost ~]$ xxd InputData.bin
0000000: 9702 0213 0019 7653 695f 0101 1d1c 27cd ......vSi_....'.
0000010: 0101 5501 c328 4974 12ca 97a6 1476 414c ..U..(It.....vAL
0000020: f795 b9cb 8af6 8b72 f5c2 c5bc cc07 4e56 .......r......NV
0000030: 58be 6190 b9db cb4e 7ca9 ae24 a085 6e8f X.a....N|..$..n.
0000040: 9b0f 952d bf66 09f8 ...-.f..
[skms@localhost ~]$
Convert the hash value to binary:
[john@localhost ~]$ xxd -r -p sig_hsm_hex.txt sig_hsm_hex.bin
[john@localhost ~]$ xxd -p hash_hsm_hex.bin
5fc6e719bb7a887e32f0c1fc273121a7cc036bb8d3ffa9499821743235a7
3391
[john@localhost ~]$
[john@localhost ~]$ cat hash_hsm_hex.bin
_���z�~2���'1!��k����I�!t25�3�
[skms@localhost ~]$ xxd hash_hsm_hex.bin
0000000: 5fc6 e719 bb7a 887e 32f0 c1fc 2731 21a7 _....z.~2...'1!.
0000010: cc03 6bb8 d3ff a949 9821 7432 35a7 3391 ..k....I.!t25.3.
[john@localhost ~]$
Use the private key ec-secp256r1-priv-key25Mar2024.pem to sign the hash file sig_hsm_hex.bin from above (hash_hsm_hex.bin in the command below):
C:\ECDSA_OPenssl_Test>openssl pkeyutl -sign -inkey ec-secp256r1-priv-key25Mar2024.pem -in hash_hsm_hex.bin > sig_sect256.bin
The result is as follows:
[skms@localhost ~]$ xxd sig_sect256.bin
0000000: 3045 0221 00d9 6013 e128 55f8 5fab 27de 0E.!..`..(U._.'.
0000010: cca2 5215 fc7c 3ad0 bf2c e9ef b4c6 c3ea ..R..|:..,......
0000020: 896e 1b28 4502 206b ec80 83c4 722a 485b .n.(E. k....r*H[
0000030: 63ad 37a8 50b9 601b e759 0d79 debe 9468 c.7.P.`..Y.y...h
0000040: da70 d980 e700 a6 .p.....
[skms@localhost ~]$ xxd -p sig_sect256.bin
3045022100d96013e12855f85fab27decca25215fc7c3ad0bf2ce9efb4c6
c3ea896e1b284502206bec8083c4722a485b63ad37a850b9601be7590d79
debe9468da70d980e700a6
[skms@localhost ~]$
Parse it:
C:\ECDSA_OPenssl_Test>openssl asn1parse -in sig_sect256.bin -inform der
0:d=0 hl=2 l= 69 cons: SEQUENCE
2:d=1 hl=2 l= 33 prim: INTEGER :D96013E12855F85FAB27DECCA25215FC7C3AD0BF2CE9EFB4C6C3EA896E1B2845
37:d=1 hl=2 l= 32 prim: INTEGER :6BEC8083C4722A485B63AD37A850B9601BE7590D79DEBE9468DA70D980E700A6
So the raw signature value (the two INTEGERs concatenated) is: D96013E12855F85FAB27DECCA25215FC7C3AD0BF2CE9EFB4C6C3EA896E1B28456BEC8083C4722A485B63AD37A850B9601BE7590D79DEBE9468DA70D980E700A6
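The DER layouts shown above for the public key and for the signature can be walked with a small tag-length-value reader. This is an added Python example, not code from the original post; the function names are its own, and the PEM text and signature bytes are copied from the page. It shows why the 33-byte r in the DER signature becomes 32 bytes in the raw r || s form.

```python
import base64

def read_tlv(buf, pos=0):
    """Decode one DER element at buf[pos]; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(der):
    """Return the (tag, value) pairs inside the outer SEQUENCE of `der`."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        out.append((t, v))
    return out

def pem_to_der(pem):
    """The PEM body is the Base64 encoding of the DER bytes."""
    body = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(body))

def spki_point(der):
    """SubjectPublicKeyInfo -> uncompressed point 04 || X || Y."""
    (_, _alg), (tag, bits) = children(der)
    if tag != 0x03 or bits[0] != 0:        # BIT STRING with 0 unused bits
        raise ValueError("unexpected public key encoding")
    return bits[1:]

def sig_raw(der, size=32):
    """SEQUENCE{INTEGER r, INTEGER s} -> fixed-width r || s (drops the DER sign byte)."""
    (t1, r), (t2, s) = children(der)
    if (t1, t2) != (0x02, 0x02):
        raise ValueError("expected two INTEGERs")
    return b"".join(int.from_bytes(v, "big").to_bytes(size, "big") for v in (r, s))

# Values copied from the page
PUB_PEM = """-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJuCW8qPsUMEk8NQTaoRUmeOsmsyv
4vxlvkFfUw6XZhLXC6TE00c5VOFefxmSphY7BOy8pYE7Zdu1IjphJ+bO+A==
-----END PUBLIC KEY-----"""
SIG_DER = bytes.fromhex("3045022100d96013e12855f85fab27decca25215fc7c3ad0bf2ce9efb4c6c3ea896e1b284502206bec8083c4722a485b63ad37a850b9601be7590d79debe9468da70d980e700a6")
```

The leading 00 on r is only there because DER INTEGERs are signed and the first byte of r has its high bit set; consumers that expect a raw 64-byte signature need it removed, and values shorter than 32 bytes need left-padding.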
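Verifying the signature with OpenSSL and secp256r1
The steps above signed sig_hsm_hex.bin with the private key ec-secp256r1-priv-key25Mar2024.pem. Next, use OpenSSL with the public key ec-secp256r1-pub-key25Mar2024.pem to verify the input sig_hsm_hex.bin against the signature sig_sect256.bin.
Note: sig_sect256.bin is a binary file
The following verifies directly against sig_hsm_hex.bin, the result of the SHA-256 hash: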
C:\ECDSA_OPenssl_Test>openssl pkeyutl -verify -in hash_hsm_hex.bin -sigfile sig_sect256.bin -inkey ec-secp256r1-pub-key25Mar2024.pem -pubin
Signature Verified Successfully
If the input is the original value before SHA-256 hashing, use the following command to verify:
C:\ECDSA_OPenssl_Test>openssl dgst -sha256 -verify ec-secp256r1-pub-key25Mar2024.pem -signature sig_sect256.bin InputData.bin
Verified OK
The InputData.bin above is the original value before SHA-256 hashing (in binary form): 9702021300197653695F01011D1C27CD01015501C328497412CA97A61476414CF795B9CB8AF68B72F5C2C5BCCC074E5658BE6190B9DBCB4E7CA9AE24A0856E8F9B0F952DBF6609F8
References
Base64 Guru: Base64 to Hex and Hex to Base64
techdocs.akamai.com IoT Token Access Control – Generate ECDSA keys
EC Signature Generate & Verification
Stackoverflow: How to verify a ECC signature with OpenSSL command?
ECC home: Distinguished Encoding Rules (DER) format
Sha256 online tool: SHA256
OID: prime192v1(1) other identifiers: secp192r1, ansiX9p192r1
Hex to ASCII Text String Converter
PEM Parser
OpenSSL: Command Line Elliptic Curve Operations
Stackoverflow: Openssl command line: how to get PEM for a hex public key, 224 bit curve?
Github: Convert a hex ECDSA private key to PEM format #23258
Full working ECDSA signature with OpenSSL
Stackoverflow: Does OpenSSL -sign for ECDSA apply ASN1 encoding to the hash before signing?