[Cryptography-dev] EC key values

Paul Kehrer paul.l.kehrer at gmail.com
Fri Jan 13 00:23:07 EST 2017 

Hi Pim,

Answers inline.

On January 9, 2017 at 12:19:29 AM, Pim van der Eijk (Lists) (
lists at sonnenglanz.net) wrote:


Hi,
I am using cryptography to implement the KeyInfo part of W3C XML Signature
and am looking to add support for EC keys.  The following is part of an
example structure I would like to be able to process:

<ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#"
<http://www.w3.org/2009/xmldsig11#>>
  <NamedCurve URI="urn:oid:1.2.840.10045.3.1.7" />
  <PublicKey>
    vWccUP6Jp3pcaMCGIcAh3YOev4gaa2ukOANC7Ufg
    Cf8KDO7AtTOsGJK7/TA8IC3vZoCy9I5oPjRhyTBulBnj7Y
  </PublicKey></ECKeyValue>


I have two questions.

First, according to W3C XML Signature (see
https://www.w3.org/TR/xmldsig-core1/#sec-ECKeyValue) the content of
PublicKey in ECKeyValue element is:

*"**a Base64 encoding of a binary representation of the x and y coordinates
of the point.* *Its value is computed as follows:*

   1. *Convert the elliptic curve point (x,y) to an octet string by first
   converting the field elements x and y to octet strings as specified in
   Section 6.2 of* *https://www.rfc-editor.org/rfc/rfc6090.txt
   <https://www.rfc-editor.org/rfc/rfc6090.txt>**, and then prepend the
   concatenated result of the conversion with 0x04. Support for
   Elliptic-Curve-Point-to-Octet-String conversion without point compression
   is* *required**.*
   2. *Base64 encode the octet string resulting from the conversion in Step
   1."*

RFC 6090 section 6.2 states:

6.2.  Integer-to-Octet-String Conversion

   The integer x shall be converted to an octet string S of length k as
   follows.  The string S shall satisfy

                          k
                    y =  SUM  2^(8(k-i)) Si .
                        i = 1

   where S1, ..., Sk are the octets of S from first to last.

   In other words, the first octet of S has the most significance in the
   integer, and the last octet of S has the least significance.


I am looking to implement this using cryptography.  There is an
encode_point() function in
hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers which is
documented to transform "an elliptic curve point to a byte string as
described in SEC 1 v2.0 <http://www.secg.org/sec1-v2.pdf> section 2.3.3.".
Is this the same encoding as under the quoted section of XML Signature,
item (1) ?

Yes, encode_point() returns the standard uncompressed form.



Second question, the class asymmetric.ec.EllipticCurve has a "name" that is
the symbolic name used for the ASN.1 OID
For example,  OID 1.3.132.0.34 has the name "secp384r1".

W3C XML Signature apparently expects the OID encoded as a URN (
https://www.ietf.org/rfc/rfc3061.txt), i.e. something like
"urn:oid:1.3.132.0.34".  Is there a way in Python to get the OID value for
a named curve, rather than its symbolic name?

We don't currently encode OIDs as part of the EC classes, but you can file
an issue and we can discuss adding them. For now you'll have to maintain
your own mapping.



Kind Regards,

Pim




-Paul (reaperhulk)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20170113/774b18e3/attachment.html>

More information about the Cryptography-dev mailing list