tuning ECC tests+doc
Karel Miko
10 years ago
416 | 416 | ### let's have: |
417 | 417 | # DSA private key in PEM format - dsakey.priv.pem |
418 | 418 | # DSA public key in PEM format - dsakey.pub.pem |
419 | # data file to be signed or encrypted - input.data | |
419 | # data file to be signed - input.data | |
420 | 420 | |
421 | 421 | =head2 Sign by OpenSSL, verify by Crypt::PK::DSA |
422 | 422 |
815 | 815 | #on Bob side |
816 | 816 | my $shared_secret = ecc_shared_secret('Bob_priv_ecc1.der', 'Alice_pub_ecc1.der'); |
817 | 817 | |
818 | =head1 OpenSSL interoperability | |
819 | ||
820 | ### let's have: | |
821 | # ECC private key in PEM format - eckey.priv.pem | |
822 | # ECC public key in PEM format - eckey.pub.pem | |
823 | # data file to be signed - input.data | |
824 | ||
825 | =head2 Sign by OpenSSL, verify by Crypt::PK::ECC | |
826 | ||
827 | Create signature (from commandline): | |
828 | ||
829 | openssl dgst -sha1 -sign eckey.priv.pem -out input.sha1-ec.sig input.data | |
830 | ||
831 | Verify signature (Perl code): | |
832 | ||
833 | use Crypt::PK::ECC; | |
834 | use Crypt::Digest 'digest_file'; | |
835 | use File::Slurp 'read_file'; | |
836 | ||
837 | my $pkec = Crypt::PK::ECC->new("eckey.pub.pem"); | |
838 | my $signature = read_file("input.sha1-ec.sig", binmode=>':raw'); | |
839 | my $valid = $pkec->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5"); | |
840 | print $valid ? "SUCCESS" : "FAILURE"; | |
841 | ||
842 | =head2 Sign by Crypt::PK::ECC, verify by OpenSSL | |
843 | ||
844 | Create signature (Perl code): | |
845 | ||
846 | use Crypt::PK::ECC; | |
847 | use Crypt::Digest 'digest_file'; | |
848 | use File::Slurp 'write_file'; | |
849 | ||
850 | my $pkec = Crypt::PK::ECC->new("eckey.priv.pem"); | |
851 | my $signature = $pkec->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5"); | |
852 | write_file("input.sha1-ec.sig", {binmode=>':raw'}, $signature); | |
853 | ||
854 | Verify signature (from commandline): | |
855 | ||
856 | openssl dgst -sha1 -verify eckey.pub.pem -signature input.sha1-ec.sig input.data | |
857 | ||
858 | =head2 Keys generated by Crypt::PK::ECC | |
859 | ||
860 | Generate keys (Perl code): | |
861 | ||
862 | use Crypt::PK::ECC; | |
863 | use File::Slurp 'write_file'; | |
864 | ||
865 | my $pkec = Crypt::PK::ECC->new; | |
866 | $pkec->generate_key('secp160k1'); | |
867 | write_file("eckey.pub.der", {binmode=>':raw'}, $pkec->export_key_der('public')); | |
868 | write_file("eckey.priv.der", {binmode=>':raw'}, $pkec->export_key_der('private')); | |
869 | write_file("eckey.pub.pem", $pkec->export_key_pem('public')); | |
870 | write_file("eckey.priv.pem", $pkec->export_key_pem('private')); | |
871 | write_file("eckey-passwd.priv.pem", $pkec->export_key_pem('private', 'secret')); | |
872 | ||
873 | Use keys by OpenSSL: | |
874 | ||
875 | openssl ec -in eckey.priv.der -text -inform der | |
876 | openssl ec -in eckey.priv.pem -text | |
877 | openssl ec -in eckey-passwd.priv.pem -text -inform pem -passin pass:secret | |
878 | openssl ec -in eckey.pub.der -pubin -text -inform der | |
879 | openssl ec -in eckey.pub.pem -pubin -text | |
880 | ||
881 | =head2 Keys generated by OpenSSL | |
882 | ||
883 | Generate keys: | |
884 | ||
885 | openssl ecparam -param_enc explicit -name prime192v3 -genkey -out eckey.priv.pem | |
886 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pub.pem -pubout | |
887 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.priv.der -outform der | |
888 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pub.der -outform der -pubout | |
889 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.privc.der -outform der -conv_form compressed | |
890 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pubc.der -outform der -pubout -conv_form compressed | |
891 | openssl ec -param_enc explicit -in eckey.priv.pem -passout pass:secret -des3 -out eckey-passwd.priv.pem | |
892 | ||
893 | B<IMPORTANT:> it is necessary to use C<-param_enc explicit> option | |
894 | ||
895 | Load keys (Perl code): | |
896 | ||
897 | use Crypt::PK::ECC; | |
898 | use File::Slurp 'write_file'; | |
899 | ||
900 | my $pkec = Crypt::PK::ECC->new; | |
901 | $pkec->import_key("eckey.pub.der"); | |
902 | $pkec->import_key("eckey.pubc.der"); | |
903 | $pkec->import_key("eckey.priv.der"); | |
904 | $pkec->import_key("eckey.privc.der"); | |
905 | $pkec->import_key("eckey.pub.pem"); | |
906 | $pkec->import_key("eckey.priv.pem"); | |
907 | $pkec->import_key("eckey-passwd.priv.pem", "secret"); | |
908 | ||
818 | 909 | =head1 SEE ALSO |
819 | 910 | |
820 | 911 | =over |
0 | use strict; | |
1 | use warnings; | |
2 | ||
3 | sub runcmds { | |
4 | my $cmds = shift; | |
5 | for (split /\n/, $cmds) { | |
6 | s/^\s*(.*?)\s*$/$1/; | |
7 | warn "#### >$_<\n"; | |
8 | my $rv = system($_); | |
9 | die "ERROR (rv = $rv)\n" if $rv; | |
10 | } | |
11 | } | |
12 | ||
13 | sub doit { | |
14 | ||
15 | ### sign openssl > cryptx | |
16 | runcmds <<'MARKER'; | |
17 | openssl dgst -sha1 -sign eckey.priv.pem -out input.sha1-ec.sig input.data | |
18 | MARKER | |
19 | ||
20 | { | |
21 | use Crypt::PK::ECC; | |
22 | use Crypt::Digest 'digest_file'; | |
23 | use File::Slurp 'read_file'; | |
24 | ||
25 | my $pkec = Crypt::PK::ECC->new("eckey.pub.pem"); | |
26 | my $signature = read_file("input.sha1-ec.sig", binmode=>':raw'); | |
27 | my $valid = $pkec->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5"); | |
28 | print $valid ? "SUCCESS" : "FAILURE"; | |
29 | } | |
30 | ||
31 | ### sign cryptx > openssl | |
32 | { | |
33 | use Crypt::PK::ECC; | |
34 | use Crypt::Digest 'digest_file'; | |
35 | use File::Slurp 'write_file'; | |
36 | ||
37 | my $pkec = Crypt::PK::ECC->new("eckey.priv.pem"); | |
38 | my $signature = $pkec->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5"); | |
39 | write_file("input.sha1-ec.sig", {binmode=>':raw'}, $signature); | |
40 | } | |
41 | ||
42 | runcmds <<'MARKER'; | |
43 | openssl dgst -sha1 -verify eckey.pub.pem -signature input.sha1-ec.sig input.data | |
44 | MARKER | |
45 | ||
46 | } | |
47 | ||
48 | ### MAIN ### | |
49 | ||
50 | write_file("input.data", "test-file-content"); | |
51 | ||
52 | ### keys generated by cryptx | |
53 | { | |
54 | use Crypt::PK::ECC; | |
55 | use File::Slurp 'write_file'; | |
56 | ||
57 | my $pkec = Crypt::PK::ECC->new; | |
58 | $pkec->generate_key('secp160k1'); | |
59 | write_file("eckey.pub.der", {binmode=>':raw'}, $pkec->export_key_der('public')); | |
60 | write_file("eckey.priv.der", {binmode=>':raw'}, $pkec->export_key_der('private')); | |
61 | write_file("eckey.pub.pem", $pkec->export_key_pem('public')); | |
62 | write_file("eckey.priv.pem", $pkec->export_key_pem('private')); | |
63 | write_file("eckey-passwd.priv.pem", $pkec->export_key_pem('private', 'secret')); | |
64 | } | |
65 | ||
66 | runcmds <<'MARKER'; | |
67 | openssl ec -in eckey.priv.der -text -inform der | |
68 | openssl ec -in eckey.priv.pem -text | |
69 | openssl ec -in eckey-passwd.priv.pem -text -inform pem -passin pass:secret | |
70 | openssl ec -in eckey.pub.der -pubin -text -inform der | |
71 | openssl ec -in eckey.pub.pem -pubin -text | |
72 | MARKER | |
73 | ||
74 | doit(); | |
75 | ||
76 | ### keys generated by openssl | |
77 | ||
78 | runcmds <<'MARKER'; | |
79 | openssl ecparam -param_enc explicit -name prime192v3 -genkey -out eckey.priv.pem | |
80 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pub.pem -pubout | |
81 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.priv.der -outform der | |
82 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pub.der -outform der -pubout | |
83 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.privc.der -outform der -conv_form compressed | |
84 | openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pubc.der -outform der -pubout -conv_form compressed | |
85 | openssl ec -param_enc explicit -in eckey.priv.pem -passout pass:secret -des3 -out eckey-passwd.priv.pem | |
86 | MARKER | |
87 | ||
88 | { | |
89 | use Crypt::PK::ECC; | |
90 | use File::Slurp 'write_file'; | |
91 | ||
92 | my $pkec = Crypt::PK::ECC->new; | |
93 | $pkec->import_key("eckey.pub.der"); | |
94 | $pkec->import_key("eckey.pubc.der"); | |
95 | $pkec->import_key("eckey.priv.der"); | |
96 | $pkec->import_key("eckey.privc.der"); | |
97 | $pkec->import_key("eckey.pub.pem"); | |
98 | $pkec->import_key("eckey.priv.pem"); | |
99 | $pkec->import_key("eckey-passwd.priv.pem", "secret"); | |
100 | } | |
101 | ||
102 | doit(); | |
103 | ||
104 | warn "\nSUCCESS\n";⏎ |