Java ECC encoded Key too large

后端 未结 2 483
我寻月下人不归
我寻月下人不归 2021-01-14 19:25

I am new to the EC-encryption and have some struggle with it. I am using Java 8 and the BouncyCatle provider. The Question I have now is: when I generate an EC-KeyPair with

相关标签:
2条回答
  • 2021-01-14 20:03

    The code (modified from BouncyCastle) below can work with any public key (not only secp521r1)

    
    import org.bouncycastle.asn1.ASN1ObjectIdentifier;
    import org.bouncycastle.asn1.DERNull;
    import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
    import org.bouncycastle.asn1.x9.X962Parameters;
    import org.bouncycastle.asn1.x9.X9ECParameters;
    import org.bouncycastle.asn1.x9.X9ECPoint;
    import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
    import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
    import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
    import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
    import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.bouncycastle.jce.spec.ECNamedCurveSpec;
    import org.bouncycastle.math.ec.ECCurve;
    
    import java.math.BigInteger;
    import java.security.KeyFactory;
    import java.security.Security;
    import java.security.spec.ECParameterSpec;
    import java.security.spec.X509EncodedKeySpec;
    import java.util.Base64;
    
    public class TestCompressionEncoded {
    
        static X962Parameters getDomainParametersFromName(ECParameterSpec ecSpec, boolean compress) {
            X962Parameters x962Param;
            if (ecSpec instanceof ECNamedCurveSpec) {
                ASN1ObjectIdentifier var3 = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
                if (var3 == null) {
                    var3 = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
                }
    
                x962Param = new X962Parameters(var3);
            } else if (ecSpec == null) {
                x962Param = new X962Parameters(DERNull.INSTANCE);
            } else {
                ECCurve var5 = EC5Util.convertCurve(ecSpec.getCurve());
                X9ECParameters var4 = new X9ECParameters(var5, new X9ECPoint(EC5Util.convertPoint(var5, ecSpec.getGenerator()), compress), ecSpec.getOrder(), BigInteger.valueOf((long)ecSpec.getCofactor()), ecSpec.getCurve().getSeed());
                x962Param = new X962Parameters(var4);
            }
            return x962Param;
        }
    
        static byte[] encodeKeyWithCompression(BCECPublicKey x) throws Exception {
            AlgorithmIdentifier var1 = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, getDomainParametersFromName(x.getParams(), true));
            byte[] var2 = x.getQ().getEncoded(true);
            return KeyUtil.getEncodedSubjectPublicKeyInfo(var1, var2);
        }
    
        public static void main(String...args) throws Exception {
            Security.addProvider(new BouncyCastleProvider());
            String publicKey = "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAELPqrW2JAXKTbjfh9M3X3b85Uje7T0r2gu7qKPmmyagGFnfckwVFpKg10+S2ttJYVUB4q+kPpnJg/YHV5xMnSLA==";
            KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC");
            BCECPublicKey bcePubKey = (BCECPublicKey) fact.generatePublic(new X509EncodedKeySpec( Base64.getDecoder().decode(publicKey)));
    
            System.out.println("Uncompressed encoded value: " + publicKey);
            System.out.println("Compressed encoded value: " + Base64.getEncoder().encodeToString(encodeKeyWithCompression(bcePubKey)));
        }
    }
    
    

    The output (for prime256v1)

    Uncompressed encoded value: MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAELPqrW2JAXKTbjfh9M3X3b85Uje7T0r2gu7qKPmmyagGFnfckwVFpKg10+S2ttJYVUB4q+kPpnJg/YHV5xMnSLA==
    Compressed encoded value: MDYwEAYHKoZIzj0CAQYFK4EEAAoDIgACLPqrW2JAXKTbjfh9M3X3b85Uje7T0r2gu7qKPmmyagE=
    
    
    0 讨论(0)
  • 2021-01-14 20:05

    An ECC publickey is semantically a point on a curve; if the curve you name is implied, a point in X9.62 format is either 67 octets (Java bytes) if compressed or 133 octets if uncompressed, never any other length.

    If you mean java.security.PublicKey.getEncoded() that is always in what Java calls "X.509" encoding which is actually the ASN.1 structure SubjectPublicKeyInfo (SPKI) defined in X.509 and more conveniently available in rfc5280 sec 4.1, encoded as DER. An ECC publickey on that curve in this format is is 90 or 158 octets, exactly, for uncompressed or compressed, and the Java providers (at least currently) produce the uncompressed form (although they can parse compressed).

    It sounds like you may want the X9.62 compressed format, which as I said is 67 bytes (not 65 or 66). If so, you can't control point compression in the standard Java API, but the BouncyCastle implementation classes do support it, given you have key objects created by the BC provider. First cast keypair.getPublicKey() to (corr) org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey (before 1.47 was org.bouncycastle.jce.provider.JCEECPublicKey) and then getQ() returns an org.bouncycastle.math.ec.ECPoint which has an (overloaded) getEncoded(boolean compressed) which produces what you apparently want.


    For your additional but not (yet?) official question, to re-create a PublicKey object from an encoded point (compressed or not), you have two or three options depending how you count:

    • construct an ASN.1/DER-encoded SubjectPublicKeyInfo structure (which Java calls "X.509" format) for this curve and point, put it in X509EncodedKeySpec, and run that through an appropriate KeyFactory. Either the standard SunEC provider (assuming j7+, and not a RedHat-crippled version) or the BC provider can be used. Constructing ASN.1 encodings like SPKI by hand is difficult in general but not bad in this specific case; or given you have BC you can use its ASN.1 functionality

    • call the BC routines directly to do what the EC KeyFactory would do for the above input

    Example code for creating a point and then using it all three ways:

    // as needed in addition to standard java.security and javax.xml 
    import org.bouncycastle.asn1.ASN1EncodableVector;
    import org.bouncycastle.asn1.DERBitString;
    import org.bouncycastle.asn1.DERSequence;
    import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
    import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
    import org.bouncycastle.asn1.x9.X962Parameters;
    import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
    import org.bouncycastle.crypto.params.ECPublicKeyParameters;
    import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
    import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
    import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
    import org.bouncycastle.jcajce.provider.config.ProviderConfiguration;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.bouncycastle.math.ec.ECCurve;
    import org.bouncycastle.math.ec.ECPoint;
    
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");
        kpg.initialize(new ECGenParameterSpec("secp521r1"));
        org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey ku = 
                (org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey)kpg.generateKeyPair().getPublic();
        byte[] encodedpoint = ku.getQ().getEncoded(true/*compressed*/);
    
        { // construct SPKI by hand, this curve only
            byte[] hdr = DatatypeConverter.parseHexBinary("3058301006072a8648ce3d020106052b81040023034400");
            // could also write out byte[] hdr = {0x30,0x58,0x30,0x10... but items with 0x80 set need casts
            if( 0x44 /*hdr[0x15]*/ -1 != encodedpoint.length ) throw new Exception ("BAD COMPRESSED POINT FOR secp521r1!");
            byte[] spki = Arrays.copyOf(hdr,90); System.arraycopy(encodedpoint,0, spki,0x17, 0x43);
            PublicKey k2 = KeyFactory.getInstance("EC" /*,provider?*/).generatePublic(new X509EncodedKeySpec(spki));
            Signature.getInstance("ECDSA").initVerify(k2); // sanity check
        }
        { // construct SPKI with BC
            AlgorithmIdentifier algid = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey,SECObjectIdentifiers.secp521r1);
            ASN1EncodableVector vec = new ASN1EncodableVector();
            vec.add(algid); vec.add(new DERBitString(encodedpoint));
            byte[] spki = new DERSequence(vec).getEncoded();
            PublicKey k2 = KeyFactory.getInstance("EC" /*,provider*/).generatePublic(new X509EncodedKeySpec(spki));
            Signature.getInstance("ECDSA").initVerify(k2); // sanity check
        }
        { // call BC directly
            ProviderConfiguration configuration = BouncyCastleProvider.CONFIGURATION;
            X962Parameters params = X962Parameters.getInstance(org.bouncycastle.asn1.sec.SECObjectIdentifiers.secp521r1);
            ECCurve curve = EC5Util.getCurve(configuration, params);
            /*ECParameterSpec ecSpec = EC5Util.convertToSpec(params, curve);*/
            ECPoint point = curve.decodePoint(encodedpoint).normalize();
            ECPublicKeyParameters kparams = new ECPublicKeyParameters(point, ECUtil.getDomainParameters(configuration, params));
            PublicKey k2 = new BCECPublicKey ("EC"/* or "ECDH" etc*/, kparams, configuration);
            Signature.getInstance("ECDSA").initVerify(k2); // sanity check
        }
    

    Related Loading raw 64-byte long ECDSA public key in Java which is for P256 uncompressed.

    0 讨论(0)
提交回复
热议问题