使用OpenSSL指令测试椭圆曲线签名算法ECDSA

小结

本文记录了使用OpenSSL指令测试椭圆曲线签名算法ECDSA，进行了以下操作：生成椭圆曲线secp256r1 公私密钥对，使用OpenSSL指令及secp256r1算法对输入的数据使用私钥获得签名，使用OpenSSL指令对获得的签名对输入的数据使用公钥进行认证。

问题及解决

名词：

• Elliptic Curve Digital Signature Algorithm (ECDSA)
• DER (Distinguished Encoding Rules)

获取secp256r1的公钥和私钥

C:\ECDSA_OPenssl_Test>openssl ecparam -name secp256r1 -genkey -noout -out ec-secp256r1-priv-key25Mar2024.pem
using curve name prime256v1 instead of secp256r1C:\ECDSA_OPenssl_Test>

得到一个PEM格式的私钥：

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEmZBPmaZyg3sPqq9kdKxJq+hFp2POf2fAq0nixBw0HkoAoGCCqGSM49
AwEHoUQDQgAEJuCW8qPsUMEk8NQTaoRUmeOsmsyv4vxlvkFfUw6XZhLXC6TE00c5
VOFefxmSphY7BOy8pYE7Zdu1IjphJ+bO+A==
-----END EC PRIVATE KEY-----

从base 64转化为hex:

30770201010420499904f99a672837b0faaaf6474ac49abe845a763ce7f67c0ab49e2c41c341e4a00a06082a8648ce3d030107a1440342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8

查看私钥信息：

C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-priv-key25Mar2024.pem -noout -text
read EC key
Private-Key: (256 bit)
priv:49:99:04:f9:9a:67:28:37:b0:fa:aa:f6:47:4a:c4:9a:be:84:5a:76:3c:e7:f6:7c:0a:b4:9e:2c:41:c3:41:e4
pub:04:26:e0:96:f2:a3:ec:50:c1:24:f0:d4:13:6a:84:54:99:e3:ac:9a:cc:af:e2:fc:65:be:41:5f:53:0e:97:66:12:d7:0b:a4:c4:d3:47:39:54:e1:5e:7f:19:92:a6:16:3b:04:ec:bc:a5:81:3b:65:db:b5:22:3a:61:27:e6:ce:f8
ASN1 OID: prime256v1
NIST CURVE: P-256

从上可以看到，这里私钥的原始值是499904f99a672837b0faaaf6474ac49abe845a763ce7f67c0ab49e2c41c341e4

可以通过私钥获取公钥：

C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-priv-key25Mar2024.pem -pubout > ec-secp256r1-pub-key25Mar2024.pem
read EC key
writing EC key

公钥的PEM格式是：

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJuCW8qPsUMEk8NQTaoRUmeOsmsyv
4vxlvkFfUw6XZhLXC6TE00c5VOFefxmSphY7BOy8pYE7Zdu1IjphJ+bO+A==
-----END PUBLIC KEY-----

从base 64转化为hex:
3059301306072a8648ce3d020106082a8648ce3d0301070342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8

查看公钥：

C:\ECDSA_OPenssl_Test>openssl ec -pubin -in ec-secp256r1-pub-key25Mar2024.pem -noout -text
read EC key
Public-Key: (256 bit)
pub:04:26:e0:96:f2:a3:ec:50:c1:24:f0:d4:13:6a:84:54:99:e3:ac:9a:cc:af:e2:fc:65:be:41:5f:53:0e:97:66:12:d7:0b:a4:c4:d3:47:39:54:e1:5e:7f:19:92:a6:16:3b:04:ec:bc:a5:81:3b:65:db:b5:22:3a:61:27:e6:ce:f8
ASN1 OID: prime256v1
NIST CURVE: P-256

这里的公钥的原始值：26e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8

DER格式

在加解密操作中，也常用DER格式，例如使用编程，或者需要使用openssl指令进行操作

DER (Distinguished Encoding Rules) is a binary encoding for X.509 certificates and private keys.

以下是将一个私钥的PEM格式转换为DER格式：

C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-pub-key25Mar2024.pem -pubout -outform DER -out ec-secp256r1-pub-key25Mar2024.der
read EC key
writing EC key

下面查看转换为DER格式后的内容：

[john@localhost ~]$ xxd ec-secp256r1-pub-key25Mar2024.der
0000000: 3059 3013 0607 2a86 48ce 3d02 0106 082a  0Y0...*.H.=....*
0000010: 8648 ce3d 0301 0703 4200 0426 e096 f2a3  .H.=....B..&....
0000020: ec50 c124 f0d4 136a 8454 99e3 ac9a ccaf  .P.$...j.T......
0000030: e2fc 65be 415f 530e 9766 12d7 0ba4 c4d3  ..e.A_S..f......
0000040: 4739 54e1 5e7f 1992 a616 3b04 ecbc a581  G9T.^.....;.....
0000050: 3b65 dbb5 223a 6127 e6ce f8              ;e..":a'...
[john@localhost ~]$ xxd -p ec-secp256r1-pub-key25Mar2024.der
3059301306072a8648ce3d020106082a8648ce3d0301070342000426e096
f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d7
0ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6ce
f8
[john@localhost ~]$ 

经过与上面的PEM模式对比，可以发现DER是将PEM的 Base 64格式转换为hex，再以二进制进行存放。

在这里可以查看具体格式：

ECC home: Distinguished Encoding Rules (DER) format

具体结果如下：

DER string: 3059301306072a8648ce3d020106082a8648ce3d0301070342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8==Sequence==
--->Sequence (30)--->Obj ID tag (06 - Object ID)ID algorithm: 1.2.840.10045.2.1 ECC (ecPublicKey)--->Obj ID tag (06 - Object ID)ID algorithm: 1.2.840.10045.3.1.7 secp256r1
--->Obj ID tag (03)Bit value:  b'0426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8'Public key: (17584703792196710961322654698934966890779020245800324948422167181519104730642,97267834955915449518105771015666399636648946309220827714919462956391446531832Now checking key if ECC - 256EccKey(curve='NIST P-256', point_x=17584703792196710961322654698934966890779020245800324948422167181519104730642, point_y=97267834955915449518105771015666399636648946309220827714919462956391446531832)-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJuCW8qPsUMEk8NQTaoRUmeOsmsyv
4vxlvkFfUw6XZhLXC6TE00c5VOFefxmSphY7BOy8pYE7Zdu1IjphJ+bO+A==
-----END PUBLIC KEY-----

同样也可以对PEM私钥进行相同的操作：

C:\ECDSA_OPenssl_Test>openssl ec -in ec-secp256r1-priv-key25Mar2024.pem -outform DER -out ec-secp256r1-priv-key25Mar2024.der
read EC key
writing EC key

具体内容如下：

[john@localhost ~]$ xxd ec-secp256r1-priv-key25Mar2024.der
0000000: 3077 0201 0104 2049 9904 f99a 6728 37b0  0w.... I....g(7.
0000010: faaa f647 4ac4 9abe 845a 763c e7f6 7c0a  ...GJ....Zv<..|.
0000020: b49e 2c41 c341 e4a0 0a06 082a 8648 ce3d  ..,A.A.....*.H.=
0000030: 0301 07a1 4403 4200 0426 e096 f2a3 ec50  ....D.B..&.....P
0000040: c124 f0d4 136a 8454 99e3 ac9a ccaf e2fc  .$...j.T........
0000050: 65be 415f 530e 9766 12d7 0ba4 c4d3 4739  e.A_S..f......G9
0000060: 54e1 5e7f 1992 a616 3b04 ecbc a581 3b65  T.^.....;.....;e
0000070: dbb5 223a 6127 e6ce f8                   ..":a'...
[john@localhost ~]$ xxd -p ec-secp256r1-priv-key25Mar2024.der
30770201010420499904f99a672837b0faaaf6474ac49abe845a763ce7f6
7c0ab49e2c41c341e4a00a06082a8648ce3d030107a1440342000426e096
f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d7
0ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6ce
f8
[john@localhost ~]$ 

在ECC home: Distinguished Encoding Rules (DER) format查看具体结果如下：

DER string: 30770201010420499904f99a672837b0faaaf6474ac49abe845a763ce7f67c0ab49e2c41c341e4a00a06082a8648ce3d030107a1440342000426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8==Sequence==
Integer (02):  0x1
--->Sequence (A0)--->Obj ID tag (06 - Object ID)ID algorithm: 1.2.840.10045.3.1.7 secp256r1
--->Sequence (A1)Bit value:  b'0426e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8'

这里的同样验证了公钥的原始值是：26e096f2a3ec50c124f0d4136a845499e3ac9accafe2fc65be415f530e976612d70ba4c4d3473954e15e7f1992a6163b04ecbca5813b65dbb5223a6127e6cef8

使用OpenSSL及secp256r1算法获得签名

假如我们有一个原始数据是： 9702021300197653695F01011D1C27CD01015501C328497412CA97A61476414CF795B9CB8AF68B72F5C2C5BCCC074E5658BE6190B9DBCB4E7CA9AE24A0856E8F9B0F952DBF6609F8

一般会进行SHA256进行哈希运算得到以下结果，可以使用Sha256 online tool: SHA256：5fc6e719bb7a887e32f0c1fc273121a7cc036bb8d3ffa9499821743235a73391

将原始值转换为二进制文件：

[john@localhost ~]$ cat InputData.txt 
9702021300197653695F01011D1C27CD01015501C328497412CA97A61476414CF795B9CB8AF68B72F5C2C5BCCC074E5658BE6190B9DBCB4E7CA9AE24A0856E8F9B0F952DBF6609F8
[john@localhost ~]$ xxd -r -p InputData.txt InputData.bin[john@localhost ~]$ xxd -p InputData.bin
9702021300197653695f01011d1c27cd01015501c328497412ca97a61476
414cf795b9cb8af68b72f5c2c5bccc074e5658be6190b9dbcb4e7ca9ae24
a0856e8f9b0f952dbf6609f8[john@localhost ~]$ xxd InputData.bin 
0000000: 9702 0213 0019 7653 695f 0101 1d1c 27cd  ......vSi_....'.
0000010: 0101 5501 c328 4974 12ca 97a6 1476 414c  ..U..(It.....vAL
0000020: f795 b9cb 8af6 8b72 f5c2 c5bc cc07 4e56  .......r......NV
0000030: 58be 6190 b9db cb4e 7ca9 ae24 a085 6e8f  X.a....N|..$..n.
0000040: 9b0f 952d bf66 09f8                      ...-.f..
[skms@localhost ~]$ 

将哈希值转换为二进制：

[john@localhost ~]$ xxd -r -p sig_hsm_hex.txt sig_hsm_hex.bin[john@localhost ~]$ xxd -p hash_hsm_hex.bin
5fc6e719bb7a887e32f0c1fc273121a7cc036bb8d3ffa9499821743235a7
3391
[john@localhost ~]$ 
[john@localhost ~]$ cat hash_hsm_hex.bin
_���z�~2���'1!��k����I�!t25�3�
[skms@localhost ~]$ xxd hash_hsm_hex.bin
0000000: 5fc6 e719 bb7a 887e 32f0 c1fc 2731 21a7  _....z.~2...'1!.
0000010: cc03 6bb8 d3ff a949 9821 7432 35a7 3391  ..k....I.!t25.3.
[john@localhost ~]$ 

使用私钥ec-secp256r1-priv-key25Mar2024.pem对以上sig_hsm_hex.bin进行签名：

C:\ECDSA_OPenssl_Test>openssl pkeyutl -sign -inkey ec-secp256r1-priv-key25Mar2024.pem -in hash_hsm_hex.bin > sig_sect256.bin

结果如下：

[skms@localhost ~]$ xxd sig_sect256.bin
0000000: 3045 0221 00d9 6013 e128 55f8 5fab 27de  0E.!..`..(U._.'.
0000010: cca2 5215 fc7c 3ad0 bf2c e9ef b4c6 c3ea  ..R..|:..,......
0000020: 896e 1b28 4502 206b ec80 83c4 722a 485b  .n.(E. k....r*H[
0000030: 63ad 37a8 50b9 601b e759 0d79 debe 9468  c.7.P.`..Y.y...h
0000040: da70 d980 e700 a6                        .p.....
[skms@localhost ~]$ xxd -p sig_sect256.bin
3045022100d96013e12855f85fab27decca25215fc7c3ad0bf2ce9efb4c6
c3ea896e1b284502206bec8083c4722a485b63ad37a850b9601be7590d79
debe9468da70d980e700a6
[skms@localhost ~]$ 

进行解析：

C:\ECDSA_OPenssl_Test>openssl asn1parse -in sig_sect256.bin -inform der0:d=0  hl=2 l=  69 cons: SEQUENCE2:d=1  hl=2 l=  33 prim: INTEGER           :D96013E12855F85FAB27DECCA25215FC7C3AD0BF2CE9EFB4C6C3EA896E1B284537:d=1  hl=2 l=  32 prim: INTEGER           :6BEC8083C4722A485B63AD37A850B9601BE7590D79DEBE9468DA70D980E700A6

所以签名的原始值是： D96013E12855F85FAB27DECCA25215FC7C3AD0BF2CE9EFB4C6C3EA896E1B28456BEC8083C4722A485B63AD37A850B9601BE7590D79DEBE9468DA70D980E700A6

使用OpenSSL及secp256r1算法对签名进行认证

以上步骤使用私钥ec-secp256r1-priv-key25Mar2024.pem对以上sig_hsm_hex.bin进行了签名， 那么下面使用OpenSSL指令，使用ec-secp256r1-pub-key25Mar2024.pem公钥对输入sig_hsm_hex.bin内容和签名sig_sect256.bin进行认证。

注意： sig_sect256.bin是二进制文件

以下是对经过哈希SHA256运算后的结果sig_hsm_hex.bin进行直接认证：

C:\ECDSA_OPenssl_Test>openssl pkeyutl -verify -in hash_hsm_hex.bin -sigfile sig_sect256.bin -inkey ec-secp256r1-pub-key25Mar2024.pem -pubin
Signature Verified Successfully

如果输入的是哈希SHA256运算前的原始值，那么可以使用以下指令进行认证：

C:\ECDSA_OPenssl_Test>openssl dgst -sha256 -verify ec-secp256r1-pub-key25Mar2024.pem -signature sig_sect256.bin InputData.bin
Verified OK

以上InputData.bin是是哈希SHA256运算前的原始值(二进制形式)：9702021300197653695F01011D1C27CD01015501C328497412CA97A61476414CF795B9CB8AF68B72F5C2C5BCCC074E5658BE6190B9DBCB4E7CA9AE24A0856E8F9B0F952DBF6609F8

参考

Base64 Guru: Base64 to Hex and Hex to Base64
techdocs.akamai.com IoT Token Access Control - Generate ECDSA keys
EC Signature Generate & Verification
Stackoverflow: How to verify a ECC signature with OpenSSL command?
ECC home: Distinguished Encoding Rules (DER) format
Sha256 online tool: SHA256
OID: prime192v1(1) other identifiers: secp192r1, ansiX9p192r1
Hex to ASCII Text String Converter
PEM Parser
OpenSSL: Command Line Elliptic Curve Operations
Stackoverflow: How to verify a ECC signature with OpenSSL command?
Stackoverflow: Openssl command line: how to get PEM for a hex public key, 224 bit curve?
Github: Convert a hex ECDSA private key to PEM format #23258
Full working ECDSA signature with OpenSSL
Stackoverflow: Does OpenSSL -sign for ECDSA apply ASN1 encoding to the hash before signing?