-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
file Examples/ecdsa-examples/ecdsa-sig-01.json #79
Comments
The curve to be used is controlled not by the kty field, but by the crv field. And yes this is the nistp256 curve. I can see changing the string to match the document, but JOSE uses the string 'EC' so that is what I kept for this purpose. (I have similar tests that run over JOSE as well.) I have a different SHA256 value than what you are displaying. The string to be hashed is part of file - in "Intermediates"."ToBeSigned_Hex" - check for seeing what is different there |
Thanks Jim. I confirmed that I am producing the same input to the SHA256 (yes, the ToBeSigned_Hex). |
Just to be sure my Ruby library wasn't doing something weird.... And I'm pretty sure this matches your ToBeSigned input.
Maybe I'm ignorant of some aspect of how the SHA256 digest should be calculated? It's not in HMAC formulation is it? |
I thought I'd go on to making my own signatures, and I'd use your private keys. So just for initial fun, I used the d value presented to derive the public key points again. That should be easy. The result was a surprise. The X values match, but the Y values did not!
|
https://gist.github.com/mcr/b1c9dd9cfcab249e73200d0d056ac0da . |
byte 12 in your input is different. You decode to I decode to |
Thanks for checking that. My eyes couldn't see it. It's that damn empty array encoding... |
This file says:
but, page 38 of draft-ietf-cose-msg-24.txt says:
while the kty field is not part of the signature this did raise some concern that I'm verifying with the wrong group! Please confirm that this file using the NIST 'nistp256' curve? (not secp256XX?)
I'm feeding the following digest into the signature validation:
(byebug) sha256.unpack("H*")
["45e243bb7071e72a288416ccb9cfbd2932fe1926916fe85b344141ecce91e4bb"]
(byebug) sig01_pub_key
#<ECDSA::Point: nistp256, 0xbac5b11cad8f99f9c72b05cf4b9e26d244dc189f745228255a219a86d6a09eff, 0x20138b0b706db558af8254ab7804a3a64b6d72ccf5adbedbb4a2eff045f8>
(byebug) signature
#<ECDSA::Signature:0x00000001f1df00 @s=51765963774164195565914350724151000343397507914291589008366842864028004758943, @r=106251839252054433277813174560343063247957774643926440805394321619487281072353>
I wonder if I've gotten something trivial screwed up? Order or r/s maybe.
The text was updated successfully, but these errors were encountered: