cryptography - Javascript ECDSA get private and public keys?

Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

All I need are to get a private and public keypair for ECDSA. Stanford Javascript Crypto Library does it in a non-standard way ( https://groups.google.com/forum/?fromgroups#!topic/sjcl-discuss/UaWUyMWS3Rs ) and that's useless to me - like what's the point of making a MD5 library that gives different results to everything else?

Is there an actual, working way to use ECDSA in javascript?

Basically I would stay away from SJCL. Simple reason: multiple issues like this have been found - including very serious verification mistakes, and although Mike seems to know what he's talking about, the library is just not tested well enough for a cryptographic library to be used. I would seriously try to get around issues by using SSL (for browser based crypto) or a wrapper library (for "local" development). Note that I wrote a Java compatability library, so I would rather promote the software. – Maarten Bodewes Jan 6, 2013 at 19:50

The jsrsasign 4.0.0 now supports ECDSA signing and verification with EC private and public key.

http://kjur.github.io/jsrsasign/

I think this meets your needs. Here is a demo page.

http://kjur.github.io/jsrsasign/sample-ecdsa.html

First of all, the comment you link to talks about the format of the ECDSA signature, not the keypair. Secondly, it is a bit misleading:

The output from the ECDSA algorithm is two integers in the interval [1, n-1]. The ECDSA standard ( FIPS 183-3 ) does not specify way a standard method to encode this pair of numbers as a array of bytes.

One way is by encapsulating the numbers in an ASN.1 SEQUENCE. This is the way specified by ANSI X9.62 and RFC3278 . It is the standard output from Java and (AFAIR) Microsoft CNG/.NET.

Another way is by left-padding the numbers with zeroes so they have the same byte-length as n and then just concatenating them. This is done by PKCS#11 and most smartcard implementations.

If I read the source code correctly, the SJCL encodes the ECDSA signature in the second way. You can easily convert this format to the first one.

Yes, it's an easy conversion from 2 binary octet strings to two signed integer wrapped in a relatively simple BER format (SEQUENCE with two INTEGER's). But please test it well, since these kind of conversions often do go wrong. – Maarten Bodewes Jan 6, 2013 at 23:54

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question . Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers .