The exclusive promotional activities on JCOP J3H145 card and Feitian R301 Smartcard Reader are in full swing. Please check this page for details.

ECDSA (secp256k1) Signature Verification Fails

Algorithm School

Moderator: UNKNwYSHSA

bogdanwallee
Posts: 1
Joined: Tue Apr 09, 2019 4:09 pm
Points :38
Contact:

ECDSA (secp256k1) Signature Verification Fails

Post by bogdanwallee » Sat May 04, 2019 7:34 am

I have an issue with verification of a ECDSA Signature made on javacard. I am trying to verify the signature in Javascript(Elliptic) but the verification always fails.

My applet(javacard) looks like:

Code: Select all

//initialization
ecdsa = Signature.getInstance(Signature.ALG_ECDSA_SHA_256, false);
eccKey=SecP256k1.newKeyPair(); //in SecP256k1 the p,a,b,g,r,k are set
eccKey.genKeyPair();

//singing method
ecdsa.init(eccKey.getPrivate(), Signature.MODE_SIGN);

//Generates the signature of all input data.
short lenTmp = ecdsa.sign(buffer, ISO7816.OFFSET_CDATA, (short)1, buffer, 
(short)0);
//I tried also to sigh precomputed hash - same result
/*short lenTmp = ecdsa.signPreComputedHash(buffer, ISO7816.OFFSET_CDATA, 
len, buffer, (short)0); */

apdu.setOutgoingAndSend((short)0, lenTmp);
I get a private key

Code: Select all

(e.g. : 3E05E289911E66A8153EE9C15A0AFC109C49207DB9DC4656CC4D092323EA65BC)
When I sign a message

Code: Select all

(e.g : 0x01)
I get the signature in DER format:

Code: Select all

304402205F376BB2B2D48BBB0275099C3B9591F18ECA424DD953EB27FDE37BA819B98F980220539A85B91491E977F6B31B5A76BEF6805BBC3B6481A51C23B9E7C6F39FB70569
Also its verification is successful on javacard.. But when I try to verify it on nodejs, or openssl, or any online site it always fails. My code looks like:

Code: Select all

let elliptic = require('elliptic');
let ec = new elliptic.ec('secp256k1');
let keyPair = ec.keyFromPrivate("3E05E289911E66A8153EE9C15A0AFC109C49207DB9DC4656CC4D092323EA65BC");
let privKey = keyPair.getPrivate("hex");
let pubKey = keyPair.getPublic();
let signature = "304402205F376BB2B2D48BBB0275099C3B9591F18ECA424DD953EB27FDE37BA819B98F980220539A85B91491E977F6B31B5A76BEF6805BBC3B6481A51C23B9E7C6F39FB70569";
let msg = 0x01;
let validSig = ec.verify(msg, signature, pubKey);
console.log("Signature valid?", validSig);//returns always false
Also, if I sign the same message with the same key on nodejs, the verification is successful.

Moreover, I noticed that the signature is always different in javacard, while the signature on elliptic is always the same, maybe it always chosses the same random k.

tay00000
Posts: 141
Joined: Tue Sep 27, 2016 10:58 am
Points :1888
Contact:

Re: ECDSA (secp256k1) Signature Verification Fails

Post by tay00000 » Tue May 07, 2019 7:23 am

Firstly, what is this ?

Code: Select all

SecP256K1.newKeyPair()
and how did you derive that ? This is not a default JavaCard API and it seems like some class you made or you imported. We will need more information on that if you can comfortably provide it.

This seems to be crucial as it determines how the SECP-256K1 parameters are set.

I would suggest you use code from https://github.com/JavaCardOS/BitcoinWa ... 256k1.java and simply change the package to whatever package you are using.

The 'k' is always randomly generated on JavaCard and for other libraries like BouncyCastle or some JavaScript libraries, they may either use static variables or deterministic derivations like HMAC based derivations of 'k'. Random or deterministic 'k' should not impact signatures and are highly unlikely the key problem.

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 2 guests

JavaCard OS : Disclaimer