Hey Brendan,
yes, I do think it's possible if the curves are the only critical point.
I do furthermore think that some of the listed curves are already shipped with Crypto++.
Private-Key: (113 bit)
pub: 02:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Field Type: prime-field
Prime: 00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
A: 0
B: 3 (0x3)
Generator (compressed):
02:00:00:00:00:00:00:00:00:00:00:00:00:00:01
Order:
01:00:00:00:00:00:00:xx:xx:xx:xx:xx:xx:xx:xx
Cofactor: 1 (0x1)
I was wondering if anyone could tell me if it is in fact possible to verify a signature created using WTLS-8? A reference to the specification of this curve can be found here: http://technical.openmobilealliance.org/tech/affiliates/wap/wap-261-wtls-20010406-a.pdf (page 90)
We are currently looking at alternatives to OpenSSL and Crypto++ seems like a good way to go. I have spent a little time trying to do this in Crypto++ but I have not had any success as yet. Before I go any further I thought I'd ask the knowledgeable folk here.
> I was wondering if anyone could tell me if it is in fact possible to verify a signature created using WTLS-8? A reference to the specification of this curve can be found here: http://technical.openmobilealliance.org/tech/affiliates/wap/wap-261-wtls-20010406-a.pdf (page 90)
From page 64 of the document you cited:
enum { anonymous(0), ecdsa_sha(1), rsa_sha(2), (255)} SignatureAlgorithm;
You should be OK with rsa_sha, but it's not clear to me if all the ecdsa_sha are supported. To understand why, you need to look at Table 8 on page 86 and the curves WTLS calls out. I *think* Crypto++ will support about 8 of the 12 they specify.
> We are currently looking at alternatives to OpenSSL and Crypto++ seems like a good way to go. I have spent a little time trying to do this in Crypto++ but I have not had any success as yet. Before I go any further I thought I'd ask the knowledgeable folk here.
I think it depends on what you want to accomplish.
Are you interested *only* in verifying a signature that's already been parsed? Or are you interested in the bigger package? Here, the bigger package includes things like implementing the protocol (sub tasks will include asynchronous socket I/O, record layer implementation, X.509 parsing, key exchange, bulk transfer, etc).
If it's the former, then Crypto++ should do fine. If the latter, then you are going to have a lot of work because it looks like a re-implementation of TLS. In the case of the latter, you should evaluate another library.
From your other message:
> At the moment, all I have is the public key. I can use OpenSSL to dump
> the output of the public key and can convert it to DER format in Crypto++
> and when I pass it through dumpasn1 it matches...
This should help if it's in PEM format: http://www.cryptopp.com/wiki/PEM_Pack. You won't need to use OpenSSL to convert it to ASN.1/DER.
> eg (I'm not entirely comfortable posting the key in a public forum so I
> have obfuscated some of the detail here):
That's fine. Call out the curve you are using from page 88. Or, post the OID, Curve Name or domain parameters (Curve, Base Point and Modulus); keep the Public Point (Q) and the Private Exponent (x) to yourself.
Jeff
ECP curve( p, a, b );
ECP::Point g( gx, gy );
ECP::Point q( qx, qy );
ECDSA<ECP, SHA1>::PublicKey publicKey;
publicKey.Initialize( curve, g, n, q );
bool result = publicKey.Validate( prng, 3 );
if( !result ) { ... }
Thanks again
Brendan
>> However how do I construct points q and g?
>
> You should be given G. It's the generator, and it's part of the domain parameters.
>
> x is the private exponent, and Q is the public key. To generate `x`, you
> pick a random number in [1, p-1] (IIRC). To get Q, you perform Q = xG (IIRC).

It just occurred to me what you may have been asking....

Use the Initialize() that takes a PRNG. The library will generate x and Q for you.

If you use the Initialize() that lacks the PRNG, then you have to supply x and Q.
ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}
...
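The steps discussed in this thread (recovering G from a compressed `02 … 01` encoding on a curve with A = 0 and B = 3, computing Q = xG, and the checks a public point must pass), as an added example that is not from any poster and does not use Crypto++. It assumes a constructed toy prime P = 7 with group order N = 13 in place of the real 112-bit values, and every function name in it is hypothetical.

```cpp
#include <cstdint>

// Constructed toy parameters (NOT WTLS-8): y^2 = x^3 + A*x + B over GF(P),
// with A = 0, B = 3 as in the dump above. P = 7 gives 13 points, cofactor 1.
const int64_t P = 7, A = 0, B = 3, N = 13;

struct Point { int64_t x, y; bool inf; };          // inf marks the identity O
const Point O{0, 0, true};

int64_t mod(int64_t v) { return ((v % P) + P) % P; }
int64_t power(int64_t b, int64_t e) {              // b^e mod P
    int64_t r = 1;
    for (b = mod(b); e > 0; e >>= 1, b = mod(b * b)) if (e & 1) r = mod(r * b);
    return r;
}
int64_t inv(int64_t v) { return power(v, P - 2); } // Fermat inverse, P prime

bool onCurve(const Point& p) {
    return p.inf || mod(p.y * p.y) == mod(p.x * p.x * p.x + A * p.x + B);
}

// Recover y from a compressed point: prefix 0x02 = even y, 0x03 = odd y.
// The square-root shortcut used here requires P % 4 == 3.
bool decompress(int prefix, int64_t x, Point& out) {
    int64_t rhs = mod(x * x * x + A * x + B), y = power(rhs, (P + 1) / 4);
    if (mod(y * y) != rhs) return false;           // no point with this x
    if ((y & 1) != (prefix & 1)) y = mod(-y);
    out = Point{x, y, false};
    return true;
}

Point add(const Point& p, const Point& q) {
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x == q.x && mod(p.y + q.y) == 0) return O;           // P + (-P)
    int64_t l = (p.x == q.x) ? mod((3 * p.x * p.x + A) * inv(2 * p.y))
                             : mod((q.y - p.y) * inv(q.x - p.x));
    int64_t x = mod(l * l - p.x - q.x);
    return Point{x, mod(l * (p.x - x) - p.y), false};
}

Point mul(int64_t k, Point p) {        // double-and-add k*P (not constant-time)
    Point r = O;
    for (; k > 0; k >>= 1, p = add(p, p)) if (k & 1) r = add(r, p);
    return r;
}

// Public-point checks: not O, coordinates in range, on the curve, N*Q = O.
bool validatePublic(const Point& q) {
    return !q.inf && q.x >= 0 && q.x < P && q.y >= 0 && q.y < P
        && onCurve(q) && mul(N, q).inf;
}
```

With the real domain parameters the same checks apply, but the arithmetic needs a big-integer type and the private scalar must come from a cryptographic random number generator.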