ECDSA
Werner Koch
wk at gnupg.org
Mon Jan 11 12:01:38 CET 2010
On Mon, 11 Jan 2010 11:25:06 +0200, ek645 wrote:
>
> I have a signing function, currently implemented in OpenSSL, that I'd
> like to convert to libgcrypt. However I can't seem to find good docs
> on ECDSA - specifically the gcrypt equivalent of
> EC_GROUP_new_curve_GFp(), EC_POINT_set_affine_coordinates_GF2m(),
> EC_GROUP_set_generator(), EC_KEY_set_group(), EC_KEY_get0_group().
I don't know OpenSSL's API to ECDSA and thus I can't tell you how to
replace them. The API in Libgcrypt is very different from the one in
OpenSSL. Unfortunately there is not yet much code using Libgcrypt's
ECDSA except for tests/benchmark.c and tests/keygrip.c.
The manual gives these hints:

  6.2.3 ECC key parameters
  ------------------------

  An ECC private key is described by this S-expression:

       (private-key
         (ecc
           (p P-MPI)
           (a A-MPI)
           (b B-MPI)
           (g G-POINT)
           (n N-MPI)
           (q Q-POINT)
           (d D-MPI)))

  P-MPI
       Prime specifying the field GF(p).

  A-MPI
  B-MPI
       The two coefficients of the Weierstrass equation y^2 = x^3 + ax + b

  G-POINT
       Base point g.

  N-MPI
       Order of g

  Q-POINT
       The point representing the public key Q = dP.

  D-MPI
       The private key d

  All point values are encoded in standard format; Libgcrypt does
  currently only support uncompressed points, thus the first byte needs to
  be `0x04'.

  The public key is similar with "private-key" replaced by "public-key"
  and no D-MPI.

  If the domain parameters are well-known, the name of this curve may
  be used.  For example

       (private-key
         (ecc
           (curve "NIST P-192")
           (q Q-POINT)
           (d D-MPI)))

  The `curve' parameter may be given in any case and is used to replace
  missing parameters.

A public key is similar; for example:

  char pubkey[] = ("(public-key"
                   " (ecdsa"
                   "  (curve secp256r1)"
                   "  (q #04C8A4CE[...]63B344#)))");

Supported curve names are listed in the manual; you may also specify
the parameters as you like. You will find some working code in
gnupg/sm/ and libksba/src. That code is table based and thus not easy
to read.
If you have specific questions, just ask. Best with code samples.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
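
As an added example (not code from this post or from Libgcrypt), the following self-contained C helper builds the textual public-key S-expression in the shape shown in the message from a raw point, and refuses anything that is not an uncompressed `0x04` point of the right length for the named curve. The function names, error codes, the two-entry curve table and the sample bytes are assumptions made for illustration; the resulting string is the kind of input one would pass to Libgcrypt's S-expression parser.

```c
#include <stdio.h>
#include <string.h>

/* Coordinate size in bytes for the curve names this example accepts
   (assumption: a two-entry table, not Libgcrypt's full curve list). */
static size_t coord_bytes(const char *curve)
{
    if (!strcmp(curve, "NIST P-192")) return 24;
    if (!strcmp(curve, "secp256r1"))  return 32;
    return 0;
}

/* Write "(public-key (ecdsa (curve "NAME") (q #HEX#)))" into out.
   Returns 0 on success, -1 unknown curve, -2 point not uncompressed,
   -3 wrong point length for the curve, -4 output buffer too small. */
int build_pubkey_sexp(const char *curve, const unsigned char *q, size_t qlen,
                      char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = coord_bytes(curve), i;
    int off;

    if (n == 0) return -1;
    if (qlen == 0 || q[0] != 0x04) return -2;   /* 0x02/0x03 = compressed */
    if (qlen != 1 + 2 * n) return -3;           /* 0x04 || X || Y */

    off = snprintf(out, outlen, "(public-key (ecdsa (curve \"%s\") (q #", curve);
    if (off < 0 || (size_t)off + 2 * qlen + 5 > outlen) return -4;
    for (i = 0; i < qlen; i++) {
        out[off++] = hex[q[i] >> 4];
        out[off++] = hex[q[i] & 0x0F];
    }
    memcpy(out + off, "#)))", 5);               /* copies the NUL too */
    return 0;
}

int main(void)
{
    unsigned char q[65];   /* constructed bytes, not a real public key */
    char sexp[256];

    memset(q, 0xAB, sizeof q);
    q[0] = 0x04;
    if (build_pubkey_sexp("secp256r1", q, sizeof q, sexp, sizeof sexp) == 0)
        puts(sexp);
    q[0] = 0x02;           /* compressed-point prefix: must be refused */
    printf("compressed point -> %d\n",
           build_pubkey_sexp("secp256r1", q, sizeof q, sexp, sizeof sexp));
    return 0;
}
```

The helper checks only the encoding; whether the point actually lies on the curve is still for the library to decide when the key is used.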