小结
本文记录了使用OpenSSL指令测试椭圆曲线签名算法ECDSA,进行了以下操作:生成椭圆曲线secp256r1 公私密钥对,使用OpenSSL指令及secp256r1算法对输入的数据使用私钥获得签名,使用OpenSSL指令对获得的签名对输入的数据使用公钥进行认证。
问题及解决
名词:
- Elliptic Curve Digital Signature Algorithm (ECDSA)
- DER (Distinguished Encoding Rules)
获取secp256r1的公钥和私钥
C:\ECDSA_OPenssl_Test>openssl ecparam -name secp256r1 -genkey -noout -out ec-secp256r1-priv-key25Mar2024.pem
using curve name prime256v1 instead of secp256r1
C:\ECDSA_OPenssl_Test>
得到一个PEM格式的私钥:
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEmZBPmaZyg3sPqq9kdKxJq+hFp2POf2fAq0nixBw0HkoAoGCCqGSM49
AwEHoUQDQgAEJuCW8qPsUMEk8NQTaoRUmeOsmsyv4vxlvkFfUw6XZhLXC6TE00c5
VOFefxmSphY7BOy8pYE7Zdu1IjphJ+bO+A==
-----END EC PRIVATE KEY-----
从base 64转化为hex:
30770201010420499904f99a672837b0faaaf6474ac49abe845a763ce7f67c0ab49e2c41c341e4a00a06082a8648ce3d030107a1440342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8
查看私钥信息:
C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-priv-key25Mar2024.pem -noout -text
read EC key
Private-Key: (256 bit)
priv:
49:99:04:f9:9a:67:28:37:b0:fa:aa:f6:47:4a:c4:
9a:be:84:5a:76:3c:e7:f6:7c:0a:b4:9e:2c:41:c3:
41:e4
pub:
04:26:e0:96:f2:a3:ec:50:c1:24:f0:d4:13:6a:84:
54:99:e3:ac:9a:cc:af:e2:fc:65:be:41:5f:53:0e:
97:66:12:d7:0b:a4:c4:d3:47:39:54:e1:5e:7f:19:
92:a6:16:3b:04:ec:bc:a5:81:3b:65:db:b5:22:3a:
61:27:e6:ce:f8
ASN1 OID: prime256v1
NIST CURVE: P-256
从上可以看到,这里私钥的原始值是499904f99a672837b0faaaf6474ac49abe845a763ce7f67c0ab49e2c41c341e4
可以通过私钥获取公钥:
C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-priv-key25Mar2024.pem -pubout > ec-secp256r1-pub-key25Mar2024.pem
read EC key
writing EC key
公钥的PEM格式是:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJuCW8qPsUMEk8NQTaoRUmeOsmsyv
4vxlvkFfUw6XZhLXC6TE00c5VOFefxmSphY7BOy8pYE7Zdu1IjphJ+bO+A==
-----END PUBLIC KEY-----
从base 64转化为hex:
3059301306072a8648ce3d020106082a8648ce3d0301070342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8
查看公钥:
C:\ECDSA_OPenssl_Test>openssl ec -pubin -in ec-secp256r1-pub-key25Mar2024.pem -noout -text
read EC key
Public-Key: (256 bit)
pub:
04:26:e0:96:f2:a3:ec:50:c1:24:f0:d4:13:6a:84:
54:99:e3:ac:9a:cc:af:e2:fc:65:be:41:5f:53:0e:
97:66:12:d7:0b:a4:c4:d3:47:39:54:e1:5e:7f:19:
92:a6:16:3b:04:ec:bc:a5:81:3b:65:db:b5:22:3a:
61:27:e6:ce:f8
ASN1 OID: prime256v1
NIST CURVE: P-256
这里的公钥的原始值:26e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8
DER格式
在加解密操作中,也常用DER格式,例如使用编程,或者需要使用openssl指令进行操作
DER (Distinguished Encoding Rules) is a binary encoding for X.509 certificates and private keys.
以下是将一个私钥的PEM格式转换为DER格式:
C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-pub-key25Mar2024.pem -pubout -outform DER -out ec-secp256r1-pub-key25Mar2024.der
read EC key
writing EC key
下面查看转换为DER格式后的内容:
[