openssl: SM2 private key cannot produce valid signatures
-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoEcz1UBgi0EJzAlAgEBBCD////+////////////////cgPfayHG
BStTu/QJOdVBIg==
-----END PRIVATE KEY-----
Above private key cannot produce valid digital signatures:
openssl pkey -in sm2_bad.key -pubout > sm2_bad.key.pub
openssl pkeyutl -inkey sm2_bad.key -in /etc/lsb-release -rawin -sign -pkeyopt sm2_id:Alice > sm2_bad.sig
openssl pkeyutl -inkey sm2_bad.key.pub -pubin -in /etc/lsb-release -rawin -verify -pkeyopt sm2_id:Alice -sigfile sm2_bad.sig
Signature Verification Failure
@InfoHunter What does the spec say about key generation?
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 54 (53 by maintainers)
Commits related to this issue
- [test][pkey_check] Add invalid SM2 key test SM2 private keys have different validation requirements than EC keys: this test checks one corner case highlighted in https://github.com/openssl/openssl/is... — committed to romen/openssl by romen 4 years ago
- Add SM2 private key range validation According to the relevant standards, the valid range for SM2 private keys is [1, n-1), where n is the order of the curve generator. For this reason we cannot reu... — committed to romen/openssl by romen 4 years ago
- [test][pkey_check] Add invalid SM2 key test SM2 private keys have different validation requirements than EC keys: this test checks one corner case highlighted in https://github.com/openssl/openssl/is... — committed to romen/openssl by romen 4 years ago
- Add SM2 private key range validation According to the relevant standards, the valid range for SM2 private keys is [1, n-1), where n is the order of the curve generator. For this reason we cannot reu... — committed to romen/openssl by romen 4 years ago
- [test][pkey_check] Add invalid SM2 key test SM2 private keys have different validation requirements than EC keys: this test checks one corner case highlighted in https://github.com/openssl/openssl/is... — committed to openssl/openssl by romen 4 years ago
- Update to upstream master (#273) * Update copyright years of auto-generated headers (make update) Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/o... — committed to open-quantum-safe/openssl by baentsch 3 years ago
That was exactly what I did last year to push an RFC draft to IETF…to let others understand the specs.
I think @InfoHunter is right – this doesn’t appear to be in 1.1.1.
So just ignore any of my “breaking change” talk.
Sorry for the noise on that part.