Should the same elliptical curve be used to generate the public key and signature?
According to the wiki, a public key in ECDSA is the multiplication of a private key (a random number) by some base point G on an elliptic curve C. And we also use C for both signing and verification.
Can I use some G1 and C1 to generate public key and other C2 curves for signing and verification?
I know this sounds strange, but my actual goal is to use the private GOST keys in ECDSA (I already have them and use them). Hence the GOST post can be generated from the special C1, G1 and Java SHA256withECDSA
, probably uses a different curve that knows.
- How to determine the curve used
Signature ecdsaSign = Signature.getInstance("SHA256withECDSA", "BC");
? -
If the sign and validation is true, does that mean the GOST keys I gave to ECDSA are ECDSA compliant?
Signature ecdsaSign = Signature.getInstance("SHA256withECDSA", "BC"); ecdsaSign.initSign(privateKeyGOST); ecdsaSign.update("aaaa".getBytes("UTF-8")); byte[] signature = ecdsaSign.sign(); Signature ecdsaVerify = Signature.getInstance("SHA256withECDSA", "BC"); ecdsaVerify.initVerify(publicKeyGOST); ecdsaVerify.update("aaaa".getBytes("UTF-8")); System.out.println(); System.out.println(ecdsaVerify.verify(signature)); //TRUE
Please note, this curve for GOST key generation and inner curve SHA256withECDSA
may not be the same, so I am asking this question.
UPDATE
Answer to
Can I use some G1 and C1 to generate public key and other C2 curves for signing and verification?
No, C1 must be equal to C2.
You can find the BC curve - I looked at the SignatureSpi BC sources and saw that the curve parameters were taken from the key. And the detected C2 is equal to the known C1. In other words, not SHA256withECDSA
, but prKey.getAlgorithm()
decides.
BUT!! Key compatibility does not mean that it is safe to use it. The GOST curve has special invariants that can affect some of the steps in ECDSA - an interesting but very difficult question is whether there are any weak points of the GOST curves in ECDSA. So the answer is "compatible, but check math staff carefully before use"
Note that KBKDF will not save due to the weakness of the GOST curve in ECDSA (if it really exists behind the "mathematical cryptography"
source to share
I will answer in order:
- How to determine the curve used by Signature ecdsaSign = Signature.getInstance ("SHA256withECDSA", "BC");
You cannot, because the public and private keys must contain parameters, not an algorithm. However, only the basic curve parameters will be supported by the base library. In the case of the Bonesy castle, these are those for the curves F (p) and F (2 ^ m). These include at least the NIST and Brainpool curves.
- If the sign and validation is true, does that mean the GOST keys I gave to ECDSA are ECDSA compliant?
Yes, you can safely assume that. If this were not so, then there would be something serious with the check. As you now understand it, this is because C1 = C2.
Note that you should not use such secret keys, especially if the secret keys are also used for the GOST algorithm itself. It is good practice not to mix values. Instead, you should use the (left-hand) SHA-256 bytes by the private key value (if you need to use one). It would be even better to use the Key Derivation Key Function (KBKDF).
source to share