Page 1 of 1
Get ECC Public key from Private key
Posted: Mon Jul 02, 2018 10:14 am
by kisvegabor
Hi,
I have a specific private key and I would like calculate it's public key. I'm using 3.0.4 OS and secp256k1 algorithm. Is there any built-in merhod for this?
I succesfully used the KeyPair and KeyBuilder class but it always uses randomly generated private keys.
Re: Get ECC Public key from Private key
Posted: Wed Jul 04, 2018 5:57 am
by DaHuFa
In JavaCardAPI, the description of genKeyPair() is "For the EC case, if the Field, A, B, G and R parameters of the public key object are pre-initialized, then they will be retained. Otherwise default pre-specified values MAY be used (e.g. WAP predefined curves), since computation of random generic EC keys is infeasible on the smart card platform." It only assign parameters of key. It is nothing in public key...
Re: Get ECC Public key from Private key
Posted: Wed Jul 04, 2018 6:05 am
by BirdKing
public key = private key * base point
Re: Get ECC Public key from Private key
Posted: Fri Jul 06, 2018 3:04 am
by kisvegabor
Thank you for the answers. I know the "public key = private key * base point" equation but I don't know whether I should do this multiplication or there is built-in methods for this? It's important because my implementation of EC operations might be vulnerable to side-channel attacks. (
https://en.wikipedia.org/wiki/Side-channel_attack)
Re: Get ECC Public key from Private key
Posted: Fri Jul 06, 2018 5:17 am
by jennyvenus
firstthe code like this
Code: Select all
#define _P "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF"
#define _a "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC"
#define _b "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93"
#define _n "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123"
#define _Gx "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7"
#define _Gy "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0"
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/ebcdic.h>
#include <openssl/ecdsa.h>
/* chinese Sm2 parameters y2 = x3 + ax + b curve */
#define _P "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF"
#define _a "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC"
#define _b "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93"
#define _n "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123"
#define _Gx "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7"
#define _Gy "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0"
....
int sm2_gen_key(PSM2_KEY sm2key)
{
int ret = -1;
EC_KEY* key = NULL;
BN_CTX *ctx = NULL;
EC_GROUP* group = NULL;
EC_POINT* point_p = NULL;
const EC_POINT *point_q = NULL;
BIGNUM *p, *a, *b, *gx, *gy, *z;
assert(sm2key);
p = BN_new();
a = BN_new();
b = BN_new();
gx = BN_new();
gy = BN_new();
z = BN_new();
// init a NULL algoritim group
group = EC_GROUP_new(EC_GFp_mont_method());
// convert SM2 para with bignum
BN_hex2bn(&p, _P);
BN_hex2bn(&a, _a);
BN_hex2bn(&b, _b);
BN_hex2bn(&gx, _Gx);
BN_hex2bn(&gy, _Gy);
BN_hex2bn(&z, _n);
ctx = BN_CTX_new();
if (!EC_GROUP_set_curve_GFp(group, p, a, b,ctx))
{
goto err_process;
}
point_p = EC_POINT_new(group);
if (!EC_POINT_set_affine_coordinates_GFp(group, point_p, gx, gy, ctx))
{
goto err_process;
}
//// check p on curve
if (!EC_POINT_is_on_curve(group, point_p, ctx))
{
ret = -2;
goto err_process;
}
//base poing G
if(!EC_GROUP_set_generator(group, point_p, z, BN_value_one()))
{
ret = -3;
goto err_process;
}
// generate key
key = EC_KEY_new();
if (!EC_KEY_set_group(key, group))
{
ret = -4;
goto err_process;
}
if(!EC_KEY_generate_key(key))
{
ret = -5;
goto err_process;
}
printf("gen key success:\n the prv is %s\n",
BN_bn2hex(EC_KEY_get0_private_key(key)));
sm2key->prv_key.bytes = BN_bn2bin(EC_KEY_get0_private_key(key), sm2key->prv_key.k);
point_q = EC_KEY_get0_public_key(key);
if(!EC_POINT_get_affine_coordinates_GFp(group, point_q, gx, gy , NULL))
{
goto err_process;
}
sm2key->pub_key.bytes = BN_bn2bin(gx, sm2key->pub_key.x);
BN_bn2bin(gy, sm2key->pub_key.y);
ret = 0;
err_process:
if (point_p != NULL)
{
EC_POINT_free(point_p);
}
if (group != NULL)
{
EC_GROUP_free(group);
}
if (ctx != NULL)
{
BN_CTX_free(ctx);
}
if (key != NULL)
{
EC_KEY_free(key);
}
return ret;
}
modify EC_KEY_generate_key with new EC_KEY_generate_key_by_prikey (EC_KEY *eckey, unsigned char *prikey, int prilen )
this function only change random prikey with input prikey
Re: Get ECC Public key from Private key
Posted: Wed Jul 11, 2018 11:07 pm
by BirdKing
Thank you for the answers. I know the "public key = private key * base point" equation but I don't know whether I should do this multiplication or there is built-in methods for this? It's important because my implementation of EC operations might be vulnerable to side-channel attacks. (
https://en.wikipedia.org/wiki/Side-channel_attack)
Do you want protect signature from side-channel attacks with public key? How it work? In my impression, side-channel attacks is collect information and try to analyze your private key. How the public key resist side-channel attacks ?
Re: Get ECC Public key from Private key
Posted: Fri Jul 13, 2018 6:29 am
by kisvegabor
As the public key is created using the private key, the executed instructions and branches can depend on the private key too. This way an attacker can guess the private key by analysing the power consumption of the device and deduce the executed instruction.
That's why I would prefer a built-in, certificated method for this.
Re: Get ECC Public key from Private key
Posted: Sun Jul 15, 2018 11:55 pm
by BirdKing
Maybe you can calculate public key when you set private key. In general, set private key must be in secure environment.