Problems with ECDSA signature and verification
Matt Caswell
matt at openssl.org
Mon Oct 17 09:41:46 UTC 2022
On 17/10/2022 09:34, Fernando Elena Benavente wrote:
> Hi guys, we are having problems with the implementation of the signature
> and verification of messages with ECDSA, because the demo of ECDSA in
> github us does not allow us to determine the type of ECDSA curve,
I assume you are looking at this demo:
https://github.com/openssl/openssl/blob/master/demos/signature/EVP_Signature_demo.c
The curve in use is a property of the key. So if you want to use a
different curve then you need to generate a key for use with that
different curve, e.g. for a key using the P-256 curve you can generate a
PEM format one from the command line like this:
$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out
privkey.pem
Or a DER format one like this:
$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out
privkey.der -outform DER
To do this in C code you can just use the simple one liner:
EVP_PKEY *pkey = EVP_EC_gen("P-256");
Also see this demo code if your keygen requirements are more complex
than just simply specifying the curvename:
https://github.com/openssl/openssl/blob/master/demos/pkey/EVP_PKEY_EC_keygen.c
> In
> addition, we have seen that we have problems when it comes to having
> strings and EVP_PKEY and not being able to pass one to another and vice
> versa.
Your question here is lacking detail. It's unclear what you are trying
to do, what you expected to happen and what actually happens.
> We are also not able to print EVP_PKEY keys because the BIO
> functions in our version (3.0) are deprecated.
See the functions here:
https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_print_public.html
Matt
> If you know the functions
> to make this signature and verification from strings or even another
> ECDSA example, would be great help for us.
>
> Thanks for your help.
>
> -Fernando
>
More information about the openssl-users
mailing list