Failed to construct sequence from byte[], while generating PublicKey from public key byte array generated at Go-lang #1272
Comments
If you attach a self-signed certificate I might be able to help. There's no standards around these algorithms at the moment even for development, a few of us are trying to do something about this, but unfortunately it's not surprising you are having issues.
@dghgit please find the public key generated at Golang.
(@cipherboy edited for clarity)
@dghgit below is the code to generate public, private and signature at Golang and passing keys to java for bouncy castle to retrieve the actual public key object to verify signature.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"net/http"
	"os"
	"strings"
	"time"

	"github.com/cloudflare/circl/sign/dilithium/mode3"
)

func main() {
	// Generates a keypair.
	pk, sk, err := mode3.GenerateKey(nil)
	if err != nil {
		panic(err)
	}

	cid := "This"
	mptr := " is a "
	sequence_number := "message."
	var msg = []byte(cid + mptr + sequence_number)

	// Sign the message and verify it locally before sending anything.
	var signature [mode3.SignatureSize]byte
	mode3.SignTo(sk, msg, signature[:])
	if !mode3.Verify(pk, msg, signature[:]) {
		panic("incorrect signature")
	}

	// Wrap the raw public key in a SubjectPublicKeyInfo and PEM-encode it.
	packedPk, err := MarshalPKIXPublicKey(*pk)
	if err != nil {
		panic(err)
	}
	str := pem.EncodeToMemory(&pem.Block{
		Type:  "PUBLIC KEY",
		Bytes: packedPk,
	})
	fmt.Print(string(str))
	// fmt.Printf(string(packedPk))

	publickeyfile, err := os.Create("../bcCryptography/public.key")
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	// publickeyfile.Write(publicKeyBytes)
	publickeyfile.Write(str)
	publickeyfile.Close()

	// sending request to platform
	// Note: publicKey carries the base64 of the PEM text in str, not of the DER in packedPk.
	jsonBody := "{\"publicKey\":\"" + base64.StdEncoding.EncodeToString(str) +
		"\",\"signature\":\"" + base64.StdEncoding.EncodeToString(signature[:]) + "\",\"data\":\"" + base64.StdEncoding.EncodeToString(msg) + "\"}"
	bodyReader := strings.NewReader(jsonBody)
	newrequestURL := "http://localhost:8080/v1/api/crypto/verifySig"
	fmt.Println(jsonBody)

	req, err := http.NewRequest(http.MethodPost, newrequestURL, bodyReader)
	if err != nil {
		fmt.Printf("client: could not create request: %s\n", err)
		os.Exit(1)
	}
	req.Header.Set("Content-Type", "application/json")

	client := http.Client{
		Timeout: 30 * time.Second,
	}
	res, err := client.Do(req)
	if err != nil {
		fmt.Printf("client: error making http request: %s\n", err)
		os.Exit(1)
	}
	defer res.Body.Close()
	fmt.Printf("client: got response!\n")
	fmt.Printf("client: status code: %d\n", res.StatusCode)
}

// MarshalPKIXPublicKey DER-encodes the key as SEQUENCE { AlgorithmIdentifier, BIT STRING }.
func MarshalPKIXPublicKey(pk mode3.PublicKey) ([]byte, error) {
	data, err := pk.MarshalBinary()
	if err != nil {
		return nil, err
	}
	return asn1.Marshal(struct {
		pkix.AlgorithmIdentifier
		asn1.BitString
	}{
		pkix.AlgorithmIdentifier{
			Algorithm: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 7, 6, 5}, // Round 2 strength
		},
		asn1.BitString{
			Bytes:     data,
			BitLength: len(data) * 8,
		},
	})
}
```

(@cipherboy edited for clarity)
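An added example, not code from this thread, CIRCL or Bouncy Castle: a standard-library-only Go check that takes the bytes a sender is about to transmit, PEM text or raw DER, and confirms they parse as exactly one SubjectPublicKeyInfo SEQUENCE with nothing after it. `InspectSPKI` and `SampleDER` are hypothetical names, and the sample key is 32 constructed placeholder bytes around the OID used in the code above, not a real Dilithium key.

```go
package main

import (
	"bytes"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/pem"
	"fmt"
)

// spki mirrors what MarshalPKIXPublicKey above builds: AlgorithmIdentifier + BIT STRING.
type spki struct {
	Algorithm pkix.AlgorithmIdentifier
	PublicKey asn1.BitString
}

// InspectSPKI accepts PEM text or raw DER; it returns the algorithm OID and the key bytes.
func InspectSPKI(in []byte) (asn1.ObjectIdentifier, []byte, error) {
	// Only text input is trimmed; trimming raw DER could eat key bytes that look like whitespace.
	if t := bytes.TrimSpace(in); bytes.HasPrefix(t, []byte("-----BEGIN")) {
		blk, _ := pem.Decode(t)
		if blk == nil || blk.Type != "PUBLIC KEY" {
			return nil, nil, fmt.Errorf("PEM armor present but no PUBLIC KEY block")
		}
		in = blk.Bytes
	}
	var info spki
	rest, err := asn1.Unmarshal(in, &info)
	if err != nil {
		return nil, nil, fmt.Errorf("input is not a DER SubjectPublicKeyInfo: %w", err)
	}
	if len(rest) != 0 {
		return nil, nil, fmt.Errorf("%d bytes of extra data after the SEQUENCE", len(rest))
	}
	return info.Algorithm.Algorithm, info.PublicKey.RightAlign(), nil
}

// SampleDER builds constructed test input: the page's OID around 32 placeholder bytes.
func SampleDER() []byte {
	alg := pkix.AlgorithmIdentifier{Algorithm: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 7, 6, 5}}
	der, _ := asn1.Marshal(spki{alg, asn1.BitString{Bytes: bytes.Repeat([]byte{0xA5}, 32), BitLength: 256}})
	return der
}

func main() {
	der := SampleDER()
	for _, in := range [][]byte{der, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), append(der, 0)} {
		fmt.Println(InspectSPKI(in)) // raw DER, PEM-armored DER, DER with one trailing byte
	}
}
```

The OID and key length it returns can be compared with what the receiving library expects for that algorithm before the key is sent.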
@hivenet-mdevarasetty-osi I do not know if you have solved this, but in the meantime, the OIDs for Dilithium have changed and Bouncy Castle has updated to newer draft OIDs for ML-DSA. https://github.com/kudelskisecurity/crystals-go has been archived and https://github.com/cloudflare/circl will update when the NIST draft spec is finalized. The current version of BC (1.77 at the time of writing) implements the pre-release draft spec with OID

Going ahead and closing this; once NIST publishes final revisions of these specs a lot of incompatibilities can be worked out... :-) Thank you!
I am trying to generate PublicKey object at Java using bouncycastle provider from publickey byte [] generated at Go-lang using https://github.com/kudelskisecurity/crystals-go with Dilithium algorithm.
Within Go-lang able to verify the signature using publickey but when trying to verify signature at Java using publickey that generated by Go-lang, need to get PublicKey object from byte [] where I am getting failed to construct sequence from byte[] and sometimes with extra data attached, more than 31 bit...
`pubKey = keyFactory.generatePublic(pubKeySpec);` failing at this line.
Reference code at java:
(@cipherboy edited for clarity)