Lev Knoblock
Reputation: 612
Deriving ECDSA Public Key from Private Key
I was attempting to generate a public ECDSA key from a private key, and I haven't managed to find much help on the internet as to how to do this. Pretty much everything is for generating a public key from a public key spec, and I don't know how to get that. So far, this is what I've put together:
public void setPublic() throws GeneralSecurityException {
ECNamedCurveParameterSpec params = ECNamedCurveTable.getParameterSpec("secp256k1");
KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC");
ECCurve curve = params.getCurve();
java.security.spec.EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, params.getSeed());
java.security.spec.ECPoint point = ECPointUtil.decodePoint(ellipticCurve, this.privateKey.getEncoded());
java.security.spec.ECParameterSpec params2=EC5Util.convertSpec(ellipticCurve, params);
java.security.spec.ECPublicKeySpec keySpec = new java.security.spec.ECPublicKeySpec(point,params2);
this.publicKey = fact.generatePublic(keySpec);
}
However, when running, I get the following error:
Exception in thread "main" java.lang.IllegalArgumentException: Invalid point encoding 0x30
at org.bouncycastle.math.ec.ECCurve.decodePoint(Unknown Source)
at org.bouncycastle.jce.ECPointUtil.decodePoint(Unknown Source)
at Wallet.Wallet.setPublic(Wallet.java:125)
What am I doing wrong? Is there a better/easier way to do this?
EDIT: I've managed to get some code to compile, but it does not work correctly:
public void setPublic() throws GeneralSecurityException {
BigInteger privKey = new BigInteger(getHex(privateKey.getEncoded()),16);
X9ECParameters ecp = SECNamedCurves.getByName("secp256k1");
ECPoint curvePt = ecp.getG().multiply(privKey);
BigInteger x = curvePt.getX().toBigInteger();
BigInteger y = curvePt.getY().toBigInteger();
byte[] xBytes = removeSignByte(x.toByteArray());
byte[] yBytes = removeSignByte(y.toByteArray());
byte[] pubKeyBytes = new byte[65];
pubKeyBytes[0] = new Byte("04");
System.arraycopy(xBytes, 0, pubKeyBytes, 1, xBytes.length);
System.arraycopy(yBytes, 0, pubKeyBytes, 33, xBytes.length);
ECNamedCurveParameterSpec params = ECNamedCurveTable.getParameterSpec("secp256k1");
KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC");
ECCurve curve = params.getCurve();
java.security.spec.EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, params.getSeed());
java.security.spec.ECPoint point = ECPointUtil.decodePoint(ellipticCurve, pubKeyBytes);
java.security.spec.ECParameterSpec params2 = EC5Util.convertSpec(ellipticCurve, params);
java.security.spec.ECPublicKeySpec keySpec = new java.security.spec.ECPublicKeySpec(point,params2);
this.publicKey = fact.generatePublic(keySpec);
}
private byte[] removeSignByte(byte[] arr)
{
if(arr.length==33)
{
byte[] newArr = new byte[32];
System.arraycopy(arr, 1, newArr, 0, newArr.length);
return newArr;
}
return arr;
}
When I run it, it generates a publicKey, but it's not the same one that the private key corresponds to.
Upvotes: 11
Views: 15724
Answers (3)
Quuxplusone
Reputation: 27155
I came here with the same problem in Kotlin, so, in case it helps anyone, here's how I derived the PublicKey from an ECDSA PrivateKey in Kotlin. This code is based on Lev Knoblock's Java answer and then trial-and-errored until it worked.
In my case I knew that my key used the secp256k1 curve, so I could hard-code that part. I didn't bother to learn how to generalize it to other curves.
import java.security.KeyFactory
import java.security.KeyPair
import java.security.PrivateKey
import java.security.PublicKey
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo
import org.bouncycastle.jce.ECNamedCurveTable
import org.bouncycastle.jce.interfaces.ECPrivateKey
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec
import org.bouncycastle.jce.spec.ECPublicKeySpec
import org.bouncycastle.math.ec.ECPoint
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter
import org.bouncycastle.openssl.PEMParser
fun getECPrivateKeyFromPEM(privatePem: String): ECPrivateKey {
val pemParser = PEMParser(privatePem.reader())
val privateKeyInfo = pemParser.readObject() as PrivateKeyInfo
return JcaPEMKeyConverter().getPrivateKey(privateKeyInfo) as ECPrivateKey
}
fun getKeyPairFromECPrivateKey(privateKey: ECPrivateKey): KeyPair {
val keyFactory: KeyFactory = KeyFactory.getInstance("ECDSA", "BC")
val spec: ECNamedCurveParameterSpec = ECNamedCurveTable.getParameterSpec("secp256k1")
val Q: ECPoint = spec.getG().multiply(privateKey.getD())
val publicKey: PublicKey = keyFactory.generatePublic(ECPublicKeySpec(Q, spec))
return KeyPair(publicKey, privateKey)
}
And here's my test harness:
import java.io.StringWriter
import org.bouncycastle.openssl.jcajce.JcaPEMWriter
fun main() {
val privatePem = """
|-----BEGIN PRIVATE KEY-----
|MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg55EMdhNJX+YN/bjN
|Eof91oKqEqD0QidEsRMhHBwSRjShRANCAARnSFpE0LDugORBWlSJz0Zf9e0mR9s6
|tlxSeo1Nbd2vv9LDedm+l/CfZpbyYvPm49DAKDhkUHFIVDd2SsiPrRa7
|-----END PRIVATE KEY-----
""".trimMargin()
val privateKey: ECPrivateKey = getECPrivateKeyFromPEM(privatePem)
val pair: KeyPair = getKeyPairFromECPrivateKey(privateKey)
val pems: String = StringWriter().use {
val pemWriter = JcaPEMWriter(it)
pemWriter.writeObject(pair.getPublic())
pemWriter.writeObject(pair.getPrivate())
pemWriter.flush()
it.toString()
}
println(pems)
}
This prints out:
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEcE4HMAHLDvPr6xHKsjhPXJzTdxLlRRR8
BfYnI2TGb0QLTFyyXm13CeYiLnxbkGhSvz9ZRo0zGQygKPVpgiThSw==
-----END PUBLIC KEY-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIOeRDHYTSV/mDf24zRKH/daCqhKg9EInRLETIRwcEkY0oAoGCCqGSM49
AwEHoUQDQgAEZ0haRNCw7oDkQVpUic9GX/XtJkfbOrZcUnqNTW3dr7/Sw3nZvpfw
n2aW8mLz5uPQwCg4ZFBxSFQ3dkrIj60Wuw==
-----END EC PRIVATE KEY-----
Upvotes: 3
Michael Wenocur
Reputation: 41
Building on the previous answer one can extend this to the case that all one is given is a private key satisfying BCECPrivateKey interface:
DerivePubKeyFromPrivKey(BCECPrivateKey definingKey, Provider provider) {
KeyFactory keyFactory = KeyFactory.getInstance("EC", provider);
BigInteger d = definingKey.getD();
org.bouncycastle.jce.spec.ECParameterSpec ecSpec =
definingKey.getParameters();
ECPoint Q = definingKey.getParameters().getG().multiply(d);
org.bouncycastle.jce.spec.ECPublicKeySpec pubSpec = new
org.bouncycastle.jce.spec.ECPublicKeySpec(Q, ecSpec);
PublicKey publicKeyGenerated = keyFactory.generatePublic(pubSpec);
return publicKeyGenerated;
}
Upvotes: 4
Lev Knoblock
Reputation: 612
So after a while, I figured out a solution and decided to post it in case anyone else has the same issue as me:
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256k1");
ECPoint Q = ecSpec.getG().multiply(((org.bouncycastle.jce.interfaces.ECPrivateKey) this.privateKey).getD());
ECPublicKeySpec pubSpec = new ECPublicKeySpec(Q, ecSpec);
PublicKey publicKeyGenerated = keyFactory.generatePublic(pubSpec);
this.publicKey = publicKeyGenerated;
EDIT: Removed the code decoding the ECPoint as per @MaartenBodewes comment.
Upvotes: 12
Related Questions
- Generate ECPublicKey from ECPrivateKey
- Elliptic Curve Cryptography (ECDSA) Private Key Matches Public Key (Java - Bouncy Castle)
- How derive ed25519 (eddsa) public key from private key using Java
- Codes to generate a public key in an elliptic curve algorithm using a given private key
- Derive EC public key from private key string in native Java for curve secp256k1
- Bouncy Castle ECDSA Create Public Key from Private Key
- Create EC private key from hex string
- How do I obtain the public key from an ECDSA private key in Java with Bouncy Castle?
- How can I get a PublicKey object from EC public key bytes?
- Elliptic Curve with Digital Signature Algorithm (ECDSA) implementation on BouncyCastle