Skip to content

Commit 30390ac

Browse files
peacekeeperpeacekeeper
committed
fix: Fix public key byte encoding for secp256k1.
1 parent e480208 commit 30390ac

File tree

1 file changed

+18
-3
lines changed

1 file changed

+18
-3
lines changed

src/main/java/com/danubetech/keyformats/JWK_to_PublicKey.java

Lines changed: 18 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,11 +7,16 @@
77
import com.danubetech.keyformats.jose.KeyTypeName;
88
import com.danubetech.keyformats.keytypes.KeyTypeName_for_JWK;
99
import org.bitcoinj.core.ECKey;
10+
import org.bouncycastle.math.ec.ECAlgorithms;
11+
import org.bouncycastle.math.ec.ECPoint;
12+
import org.bouncycastle.math.ec.custom.sec.SecP256K1Point;
1013

1114
import java.math.BigInteger;
1215
import java.security.KeyFactory;
16+
import java.security.NoSuchAlgorithmException;
1317
import java.security.interfaces.RSAPrivateKey;
1418
import java.security.interfaces.RSAPublicKey;
19+
import java.security.spec.InvalidKeySpecException;
1520
import java.security.spec.RSAPrivateKeySpec;
1621
import java.security.spec.RSAPublicKeySpec;
1722

@@ -45,7 +50,7 @@ public static RSAPublicKey JWK_to_RSAPublicKey(JWK jsonWebKey) {
4550
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
4651
RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(new BigInteger(jsonWebKey.getNdecoded()), new BigInteger(jsonWebKey.getEdecoded()));
4752
return (RSAPublicKey) keyFactory.generatePrivate(rsaPublicKeySpec);
48-
} catch (Exception ex) {
53+
} catch (InvalidKeySpecException | NoSuchAlgorithmException ex) {
4954
throw new RuntimeException(ex.getMessage(), ex);
5055
}
5156
}
@@ -62,15 +67,25 @@ public static ECKey JWK_to_secp256k1PublicKey(JWK jsonWebKey) {
6267
if (! KeyType.EC.equals(jsonWebKey.getKty())) throw new IllegalArgumentException("Incorrect key type: " + jsonWebKey.getKty());
6368
if (! Curve.secp256k1.equals(jsonWebKey.getCrv())) throw new IllegalArgumentException("Incorrect curve: " + jsonWebKey.getCrv());
6469

65-
return ECKey.fromPublicOnly(jsonWebKey.getXdecoded());
70+
return ECKey.fromPublicOnly(JWK_to_secp256k1PublicKeyBytes(jsonWebKey));
6671
}
6772

6873
public static byte[] JWK_to_secp256k1PublicKeyBytes(JWK jsonWebKey) {
6974

7075
if (! KeyType.EC.equals(jsonWebKey.getKty())) throw new IllegalArgumentException("Incorrect key type: " + jsonWebKey.getKty());
7176
if (! Curve.secp256k1.equals(jsonWebKey.getCrv())) throw new IllegalArgumentException("Incorrect curve: " + jsonWebKey.getCrv());
7277

73-
return jsonWebKey.getXdecoded();
78+
byte[] xDecoded = jsonWebKey.getXdecoded();
79+
if (xDecoded.length != 32) throw new IllegalArgumentException("Invalid 'x' value (not 32 bytes): " + jsonWebKey.getX() + ", length=" + jsonWebKey.getXdecoded().length);
80+
byte[] yDecoded = jsonWebKey.getYdecoded();
81+
if (yDecoded.length != 32) throw new IllegalArgumentException("Invalid 'y' value (not 32 bytes): " + jsonWebKey.getY() + ", length=" + jsonWebKey.getYdecoded().length);
82+
83+
byte[] publicKeyBytes = new byte[65];
84+
publicKeyBytes[0] = 4;
85+
System.arraycopy(xDecoded, 0, publicKeyBytes, 1, 32);
86+
System.arraycopy(yDecoded, 0, publicKeyBytes, 33, 32);
87+
88+
return publicKeyBytes;
7489
}
7590

7691
public static byte[] JWK_to_BLS12381_G1PublicKeyBytes(JWK jsonWebKey) {

0 commit comments

Comments
 (0)