[openssl-users] What does EC_KEY_get0_public_key deliver?

Matt Caswell matt at openssl.org
Fri Jan 9 11:06:11 UTC 2015 


On 09/01/15 10:55, Christian Weber wrote:
> Am 09.01.2015 um 01:11 schrieb Matt Caswell: On 09/01/15 00:05,
> Christian Weber wrote:
>>> Thanks Matt, i just assumed the BIGNUMs were the coordinates without
>>> any projection - obviously that assumption was wrong - mislead by the
>>> funtions name.
>>>
>> What interests me is to how you accessed the BIGNUMs in the first place!
>> The EC_POINT structure is opaque and is defined in an internal header
>> file!! Applications shouldn't be reaching into those.
>>
>> Matt
> Actually i imported the internal header so the structure was known. I
> marked the import as HACK to access exactly that EC_POINT structure. The
> hack was carried out because of the lack of knowledge about how to
> access the public key.
> 
> I yust did not understand the intention for hiding the EC_POINT
> structure and didn't find information about how to access the coordinate
> values which i need to compare with coordinates from other sources (XML
> Dsig, Element <ds:KeyValue>) or placing them elsewhere.
> 
> So could you please give a hint or a pointer to where the intended
> access can be found?

All access is via the EC_POINT_* functions which are described here:
https://www.openssl.org/docs/crypto/EC_POINT_new.html
and here:
https://www.openssl.org/docs/crypto/EC_POINT_add.html

> 
> BTW: How does one find out which type of ECC is being used (binary or
> prime)?

Use the function EC_METHOD_get_field_type described here:
https://www.openssl.org/docs/crypto/EC_GFp_simple_method.html


> BTW2: Which compact representation of any public key would you recommend
> (for program internal comparisons)?

I wouldn't worry about the internal representation at all. If you have
the co-ordinates of a point you want to compare against then construct
the point using EC_POINT_new, and set its co-ords using one of the
various functions for doing so. Then use EC_POINT_cmp.

> 
> Surely i will ban the internal header from my sources as they are not
> neccessary.

Please do! They are internal for a reason, and may change without notice.

Matt

More information about the openssl-users mailing list