Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ECPrivateKey does not zero-pad private key, violates rfc5915

See original GitHub issue

Hi,

https://tools.ietf.org/html/rfc5915:

privateKey is the private key. It is an octet string of length ceiling (log2(n)/8) (where n is the order of the curve) obtained from the unsigned integer via the Integer-to-Octet-String- Primitive (I2OSP) defined in [RFC3447].

I.e. the encoded number must be padded with zeros. Best rationale I can think of is that an encrypted ec key would leak information (key size) otherwise.

asn1crypto uses IntegerOctetString which cannot be told the encoded width of the number. I.e. the number is not padded. IntegerOctetString is only used in ECPrivateKey.

Code that wants to generate a correct ECPrivateKey structure would need to pass the intended length of the key. I don’t see any way around this; asn1crypto cannot determine the width by any other means.

I’m not sure how the API should look like. (31337, 32)? Or {'value': 31337, 'width': 32}? Or add a new class method which takes value + width?

A breaking change (i.e. do not accept a plain int) might be acceptable; existing code is incorrect anyway.

.native should still return an int. Actual encoding (and its length) can be read with .contents.

Thanks!

Incorrect key (generated by asn1crypto):

-----BEGIN PRIVATE KEY-----
MGkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcETzBNAgEBBAJ6aaFEA0IABC+quZfc
dJWlahQfx2dJjqCwY65KkbxAVUU/7WfnnwVfOaIKLFq1YIfiQ/6pjmr+soVeoJIm
hetpZvE17EgMWEM=
-----END PRIVATE KEY-----

Correct key (generated by openssl):

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHppoAoGCCqGSM49
AwEHoUQDQgAEL6q5l9x0laVqFB/HZ0mOoLBjrkqRvEBVRT/tZ+efBV85ogosWrVg
h+JD/qmOav6yhV6gkiaF62lm8TXsSAxYQw==
-----END EC PRIVATE KEY-----

Code to generate above key:

from asn1crypto.keys import ECPointBitString, ECPrivateKey, NamedCurve, PrivateKeyInfo
from asn1crypto.pem import armor

key = PrivateKeyInfo.wrap(
    ECPrivateKey({
        'version': 1,
        'private_key': 31337,
        'parameters': NamedCurve('secp256r1'),
        'public_key': ECPointBitString.from_coords(
            0x2faab997dc7495a56a141fc767498ea0b063ae4a91bc4055453fed67e79f055f,
            0x39a20a2c5ab56087e243fea98e6afeb2855ea0922685eb6966f135ec480c5843,
        ),
    }),
    'ec'
)
print(armor('PRIVATE KEY', key.dump()).decode(), end="")

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:7 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
wbondcommented, Aug 21, 2019

This should be fixed by 61ae7d7790e460f253c29c5ab7c63b0149f44154

0reactions
wbondcommented, Aug 12, 2019

As a note to others, I have a fix for this mostly implemented, and will be pushed up once I have time to complete it.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Error during generation of ECPublicKey/ECPrivateKey from ...
I used openssl pkcs8 -topk8 -nocrypt and then following code. Error is gone now. However shared secret generated on server side does not...
Read more >
Network Working Group M. Green Internet-Draft Cryptography ...
[I-D.ietf-tls-tls13] do not provide support for the RSA handshake -- ... private key encoding: ECPrivateKey, Section 3 of [RFC5915] |.
Read more >
ECPrivateKey (Java Platform SE 8 ) - Oracle Help Center
The interface to an elliptic curve (EC) private key. ... The class fingerprint that is set to indicate serialization compatibility.
Read more >
ECPrivateKey - Stiftung SIC/IAIK JavaDoc
For EC private keys the syntax for the privateKey field is defined by SEC1 [1]: ... RFC 5915 requires that parameters MUST be...
Read more >
ECPrivateKey - IBM
ASN.1 syntax for EC private keys from SEC 1 v1.5 (draft): ... parameters are encoded as part of the AlgorithmIdentifier, not in the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Cannot extract pubkey from certificate

Next page

cryptography import asn1crypto(asn1crypto>=0.21.0),but asn1crypto has a bug fixed and has not new release