ECDSA (secp256k1) Signature Verification Fails

Algorithm School

Moderator: UNKNwYSHSA

Posts: 1
Joined: Tue Apr 09, 2019 4:09 pm
Points :38

ECDSA (secp256k1) Signature Verification Fails

Post by bogdanwallee » Sat May 04, 2019 7:34 am

I have an issue with verification of a ECDSA Signature made on javacard. I am trying to verify the signature in Javascript(Elliptic) but the verification always fails.

My applet(javacard) looks like:

Code: Select all

ecdsa = Signature.getInstance(Signature.ALG_ECDSA_SHA_256, false);
eccKey=SecP256k1.newKeyPair(); //in SecP256k1 the p,a,b,g,r,k are set

//singing method
ecdsa.init(eccKey.getPrivate(), Signature.MODE_SIGN);

//Generates the signature of all input data.
short lenTmp = ecdsa.sign(buffer, ISO7816.OFFSET_CDATA, (short)1, buffer, 
//I tried also to sigh precomputed hash - same result
/*short lenTmp = ecdsa.signPreComputedHash(buffer, ISO7816.OFFSET_CDATA, 
len, buffer, (short)0); */

apdu.setOutgoingAndSend((short)0, lenTmp);
I get a private key

Code: Select all

(e.g. : 3E05E289911E66A8153EE9C15A0AFC109C49207DB9DC4656CC4D092323EA65BC)
When I sign a message

Code: Select all

(e.g : 0x01)
I get the signature in DER format:

Code: Select all

Also its verification is successful on javacard.. But when I try to verify it on nodejs, or openssl, or any online site it always fails. My code looks like:

Code: Select all

let elliptic = require('elliptic');
let ec = new'secp256k1');
let keyPair = ec.keyFromPrivate("3E05E289911E66A8153EE9C15A0AFC109C49207DB9DC4656CC4D092323EA65BC");
let privKey = keyPair.getPrivate("hex");
let pubKey = keyPair.getPublic();
let signature = "304402205F376BB2B2D48BBB0275099C3B9591F18ECA424DD953EB27FDE37BA819B98F980220539A85B91491E977F6B31B5A76BEF6805BBC3B6481A51C23B9E7C6F39FB70569";
let msg = 0x01;
let validSig = ec.verify(msg, signature, pubKey);
console.log("Signature valid?", validSig);//returns always false
Also, if I sign the same message with the same key on nodejs, the verification is successful.

Moreover, I noticed that the signature is always different in javacard, while the signature on elliptic is always the same, maybe it always chosses the same random k.

Posts: 149
Joined: Tue Sep 27, 2016 10:58 am
Points :2044

Re: ECDSA (secp256k1) Signature Verification Fails

Post by tay00000 » Tue May 07, 2019 7:23 am

Firstly, what is this ?

Code: Select all

and how did you derive that ? This is not a default JavaCard API and it seems like some class you made or you imported. We will need more information on that if you can comfortably provide it.

This seems to be crucial as it determines how the SECP-256K1 parameters are set.

I would suggest you use code from ... and simply change the package to whatever package you are using.

The 'k' is always randomly generated on JavaCard and for other libraries like BouncyCastle or some JavaScript libraries, they may either use static variables or deterministic derivations like HMAC based derivations of 'k'. Random or deterministic 'k' should not impact signatures and are highly unlikely the key problem.

Posts: 2
Joined: Tue Dec 19, 2017 5:05 am
Points :48

Re: ECDSA (secp256k1) Signature Verification Fails

Post by ThanhLong » Wed Feb 05, 2020 5:41 am

Hi bogdanwallee

As I know
- your applet : signature = sign(privateKey, messageDigest)
messageDigest = SHA256(input data) ( because you use ALG_ECDSA_SHA_256, so It must be hash before sign)

- Your nodejs code : signature = sign(privateKey, input data)

hope to help you.

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 2 guests

JavaCard OS : Disclaimer