Copyright (c) 2013 William Pitcock firstname.lastname@example.org.
This software is free, but copyrighted software. See COPYING for terms and conditions.
what is this?
This tool creates and manipulates ECC NISTP256 keypairs, as used by the
ECDSA-NIST256P-CHALLENGE IALv3.2 mechanism.
It is built ontop of a library called
libecdsaauth, which provides
primitives for patching ECDSA challenge support into pre-existing clients
Also a modified version of the Irssi
cap_sasl.pl script is included, which
ecdsatool to do the authentication, because Perl is hopeless and
doesn't have a working ECDSA implementation. Use the
how to use the tool?
First, lets create a keypair, and store it in
$ ecdsatool keygen /home/nenolod/irc.pem A9T8WQPtyWlP0sEFQaugzQjWHH+hmoRIfFl7yaADaagb
This creates a new ECC NISTP256 keypair and stores it in
The value returned by ecdsatool is the public key, which you may register with
Presently, to do that on Atheme, you would set it as a NickServ property. A better interface for key enrollment will be added soon. To do this, run the following command on IRC:
/msg nickserv set property pubkey A9T8WQPtyWlP0sEFQaugzQjWHH+hmoRIfFl7yaADaagb
recovering the public key from a private key?
$ ecdsatool pubkey /home/nenolod/irc.pem A9T8WQPtyWlP0sEFQaugzQjWHH+hmoRIfFl7yaADaagb
interrogating information about keypairs?
$ ecdsatool keyinfo /home/nenolod/irc.pem Information on /home/nenolod/irc.pem: Private-Key: (256 bit) priv: 00:92:0c:69:ac:48:6b:ef:7e:96:69:0a:94:4b:df: 97:34:00:a8:96:8e:da:05:ec:20:5f:33:36:26:08: b1:51:e5 pub: 03:d4:fc:59:03:ed:c9:69:4f:d2:c1:05:41:ab:a0: cd:08:d6:1c:7f:a1:9a:84:48:7c:59:7b:c9:a0:03: 69:a8:1b Field Type: prime-field Prime: 00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00: 00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff A: 00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00: 00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:fc B: 5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86: bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2: 60:4b Generator (compressed): 03:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4: 40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8: 98:c2:96 Order: 00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff: ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc: 63:25:51 Cofactor: 1 (0x1) Seed: c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26: b7:81:9f:7e:90
signing challenges from scripts?
$ ecdsatool sign /home/nenolod/irc.pem 'QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE=' MEUCICNBUzxaMXcqyec7q0aZcHMa0HY9NELX869/8tjd58cFAiEA75FzpxmPOcotr0vc8ncEM79DoQRf/bOSoi1yK5X67J8=
- Start authentication by sending
- Wait for an ACK from the IRC network.
- Send the accountname encapsulated in base64.
- Wait for the challenge message from the IRC network.
- Sign the message and send it back, using
ecdsatool signor the library API.
- If everything went to plan, authentication should be successful, and you'll be able to get on the network.