Florian

Reputation: 187

Which curve is SHA1withECDSA using?

I am using SHA1withECDSA to verify signed messages in my Java application. Now I want to create a second application in another programming language (node/js) which creates those signed messages.

However, I could not find any API which has "SHA1withECDSA". All of them only support ECDSA with a selected curve. So my question: Which EC curve is Java using?

KeyFactory: final KeyFactory keyFactory = KeyFactory.getInstance("EC");

Signature: final Signature dsa = Signature.getInstance("SHA1withECDSA");

Upvotes: -1

Views: 728

Answers (1)

dave_thompson_085

Reputation: 38771

The {hash}withECDSA algorithms in Java support any curve that can be expressed in an ECPrivateKey object passed to Signature.initSign(key) or (your case) an ECPublicKey object passed to Signature.initVerify(key), which for the standard SunEC provider is any curve expressed in X9.62 (Weierstrass) form. This is basically everything used nowadays except Bernstein et al.'s {Curve,X,Ed}{25519,448} (EdDSA is an elliptic-curve signature algorithm but not the algorithm named ECDSA).

The standard X9/NIST and TLS curves are predefined, although (edit) accessing them other than for key generation is a bit clumsy; see "How does one convert a public EC code point and curve name into a PublicKey?".

Normally the keypair should be generated by the signer, and (only) the publickey distributed to the verifier(s) either in advance of or along with the signature(s) and signed data; often this is done in the form of a certificate, which avoids manual effort and manual mistakes that create vulnerabilities. Java directly supports X.509 certificates, and the publickey format used by them (SubjectPublicKeyInfo aka SPKI); see the javadoc for java.security.spec.X509EncodedKeySpec and java.security.Key. For EC, the SPKI includes the curve identification, but unfortunately the Java API provides no convenient way to get it back out.

If you have an X.509 certificate or just the X.509 SPKI for the publickey in a file, in either DER or PEM format, and have OpenSSL, it can decode and display this info:

 openssl x509 -in certfile -inform {der|pem} -text 
 openssl pkey -in spkifile -inform {der|pem} -pubin -text # 1.0.0 up
 openssl ec -in spkifile -inform {der|pem} -pubin -text # 0.9.x 
 # look at the line labelled ASN1 OID:

Upvotes: 1
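For the Node.js side the question asks about, an added example (not part of the original answer): it reads the curve name from an SPKI public key and produces an ECDSA/SHA-1 signature in ASN.1 DER encoding, which is the encoding Java's SHA1withECDSA Signature works with. The curve prime256v1, the function names and the sample message are assumptions chosen for illustration.

```javascript
// Added example, not from the original post. Requires Node.js 16 or later.
const crypto = require('node:crypto');

// Read the curve name out of an X.509 SubjectPublicKeyInfo (DER bytes),
// the same encoding Java consumes through X509EncodedKeySpec.
function curveOfSpki(spkiDer) {
  const pub = crypto.createPublicKey({ key: spkiDer, format: 'der', type: 'spki' });
  if (pub.asymmetricKeyType !== 'ec') {
    throw new Error(`not an EC key: ${pub.asymmetricKeyType}`);
  }
  // OpenSSL-style name such as 'prime256v1'; undefined when the SPKI carries
  // explicit curve parameters instead of a named-curve OID.
  return pub.asymmetricKeyDetails.namedCurve;
}

// ECDSA over SHA-1, signature encoded as an ASN.1 DER SEQUENCE of (r, s).
function signSha1Ecdsa(privateKey, message) {
  return crypto.sign('sha1', message, { key: privateKey, dsaEncoding: 'der' });
}

// Verifier side, mirroring what the Java application does with the SPKI.
function verifySha1Ecdsa(spkiDer, message, signature) {
  const pub = crypto.createPublicKey({ key: spkiDer, format: 'der', type: 'spki' });
  return crypto.verify('sha1', message, { key: pub, dsaEncoding: 'der' }, signature);
}

// Constructed sample: the signer generates the keypair and hands out only the SPKI.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1', // assumed curve; use whichever curve the verifier's key is on
  });
  const spkiDer = publicKey.export({ type: 'spki', format: 'der' });
  const message = Buffer.from('constructed sample message');
  const signature = signSha1Ecdsa(privateKey, message);
  return {
    curve: curveOfSpki(spkiDer),
    derSequenceTag: signature[0], // first byte of a DER SEQUENCE
    valid: verifySha1Ecdsa(spkiDer, message, signature),
    tamperedValid: verifySha1Ecdsa(spkiDer, Buffer.from('tampered'), signature),
  };
}

console.log(demo());
```

The bytes in `spkiDer` are what the Java side would load with X509EncodedKeySpec and KeyFactory.getInstance("EC").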
