ECDSA Signature

27 views
Skip to first unread message

Charlie

unread,
Dec 18, 2009, 6:41:33 AM12/18/09
to Crypto++ Users
Hi everybody!

I have a question about ECDSA signature. What's the different between
signing and verifying in this way:

//Signing
ECDSA<ECP, SHA1>::PrivateKey privateKey;
privateKey.Load(...);

AutoSeededRandomPool prng;
string message = "Yoda said, Do or do not. There is no try.";
string signature;

StringSource( message, true /*pump all*/,
new SignerFilter( prng,
ECDSA<ECP,SHA1>::Signer( privateKey ),
new StringSink( signature )
) // SignerFilter
); // StringSource

//Verifying
ECDSA<ECP, SHA1>::PublicKey publicKey;
publicKey.Load(...);

// Result of the verification process
bool result = false;

// Exactly what was signed in the previous step
string message = ...;
// Output from the signing operation in the previous step
string signature = ...;

StringSource( signature+message, true /*pump all*/,
new SignatureVerificationFilter(
ECDSA<ECP,SHA1>::Verifier(publicKey),
new ArraySink( (byte*)&result, sizeof(result) )
) // SignatureVerificationFilter
);

// Verification failure?
if( !result ) {...}

And in this way:

//Signing...
ECDSA<ECP, SHA1>::PrivateKey privateKey;
privateKey.Load(...);

// Message
string message = "Yoda said, Do or Do Not. There is no try.";

// Signer object
ECDSA<ECP, SHA1>::Signer signer( privateKey );

// Create signature space
size_t length = signer.MaxSignatureLength();
SecByteBlock signature( length );

AutoSeededRandomPool rng;

// Sign message
signer.SignMessage( rng, (const byte*) message.c_str(),
message.length(), signature );

//Verifying...
ECDSA<ECP, SHA1>::PublicKey publicKey;
publicKey.Load(...);

// Verifier object
ECDSA<ECP, SHA1>::Verifier verifier( publicKey );

// Verify
bool result = verifier.VerifyMessage( (const byte*)message.c_str(),
message.length(), signature, signature.size() );

// Result
if( true == result ) {
cout << "Signature on message verified" << endl;
} else {
cout << "Message verification failed" << endl;
}


Thanks.

Eugene Zolenko

unread,
Dec 18, 2009, 11:29:50 AM12/18/09
to Crypto++ Users
First way will throw exception if verification failed, second returns
false.

It is possible to suppress exception I think and get an error code
with some combination of filters and flags. Need to use redirector to
pass in verifier filter without giving up ownership and then check
result of verification.

Anyway, first one also copies message without signature into output
buffer.

Use first when you get signed message that you need to process with
other filters as well (encryption, encoding, etc).

Use second if you have the message already at destination buffer and
you need only to verify it.

Message has been deleted

Charlie

unread,
Dec 18, 2009, 11:54:10 AM12/18/09
to Crypto++ Users
But the result of the signature and the verification is the same in
both cases, isn't it?

Eugene Zolenko

unread,
Dec 18, 2009, 12:24:54 PM12/18/09
to Crypto++ Users
If you mean your result variable, then no :).

Actually I just noticed that it is bool in first case, it supposed to
be std::string or byte queue or char* buffer. Something that can take
copy of contents of your message variable.

Here you just write first byte or few (depending on size of bool) of
the message into boolean.

That is what you are doing:

bool result = *((bool*)message.data());

This is probably not what you want. :)

Jeffrey Walton

unread,
Dec 18, 2009, 1:11:36 PM12/18/09
to Crypto++ Users
Hi Eugene,

> Here you just write first byte or few (depending on size of bool) of
> the message into boolean.

> ...
> bool result = *((bool*)message.data());
I don't believe this is correct. The previous is equivalent to:

StringSource( signature+message, true /*pump all*/,
new SignatureVerificationFilter(
ECDSA<ECP,SHA1>::Verifier(publicKey),

new ArraySink( (byte*)&result, sizeof(result) ),
DEFAULT_FLAGS
) // SignatureVerificationFilter
);

with DEFAULT_FLAGS = SIGNATURE_AT_BEGIN | PUT_RESULT. The
SignatureVerificationFilter puts its result (due to the flag
PUT_RESULT), and the result is declared as 'bool m_verified'. See
filters.h around line 400.

I also took a quick look at 'result' under the debugger. It is indeed
'put' as a bool: 01 CC CC CC (success).

Jeff

> --
> You received this message because you are subscribed to the "Crypto++ Users" Google Group.
> To unsubscribe, send an email to cryptopp-user...@googlegroups.com.
> More information about Crypto++ and this group is available at http://www.cryptopp.com.

Jeffrey Walton

unread,
Dec 18, 2009, 1:15:53 PM12/18/09
to Crypto++ Users
Hi Eugene,

> First way will throw exception if verification failed, second returns
> false.

I don't believe this is correct. DEFAULT_FLAGS = SIGNATURE_AT_BEGIN |
PUT_RESULT, which *does not* include the THROW_EXCEPTION flag. See
filters.h around line 400.

Jeff

Eugene Zolenko

unread,
Dec 18, 2009, 3:12:20 PM12/18/09
to Crypto++ Users
> I don't believe this is correct. DEFAULT_FLAGS = SIGNATURE_AT_BEGIN |
> PUT_RESULT, which *does not* include the THROW_EXCEPTION flag. See
> filters.h around line 400.
>
> Jeff

Ah, damn, sorry :). I only use THROW_EXCEPTION and PUT_MESSAGE, I
didn't check if it was default or not.

PUT_RESULT is an interesting default for a filter, but that's besides
the point.

Reply all
Reply to author
Forward
0 new messages