3

I got an ECIES encryption result and a public key. After decoding the public key as ASN.1, I obtained the following:

SEQUENCE {
   SEQUENCE {
      OBJECTIDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
      SEQUENCE {
         INTEGER 0x01 (1 decimal)
         SEQUENCE {
            OBJECTIDENTIFIER 1.2.840.10045.1.1
            INTEGER 0x008542d69e4c044f18e8b92435bf6ff7de457283915c45517d722edb8b08f1dfc3
         }
         SEQUENCE {
            OCTETSTRING 787968b4fa32c3fd2417842e73bbfeff2f3c848b6831d7e0ec65228b3937e498
            OCTETSTRING 63e4c6d3b23b0c849cf84241484bfe48f61d59a5b16ba06e6e12d1da27c5249a
         }
         OCTETSTRING 04421debd61b62eab6746434ebc3cc315e32220b3badd50bdc4c4e6c147fedd43d0680512bcbb42c07d47349d2153b70c4e5d7fdfcbfa36ea1a85841b9e46e09a2
         INTEGER 0x008542d69e4c044f18e8b92435bf6ff7dd297720630485628d5ae74ee7c32e79b7
         INTEGER 0x04 (4 decimal)
      }
   }
   BITSTRING 0x040ae4c7798aa0f119471bee11825be46202bb79e2a5844495e97c04ff4df2548a7c0240f88f1cd4e16352a73c17b7f16f07353e53a176d684a9fe0c6bb798e857 : 0 unused bit(s)
}

I don't really know the meaning of every field of the ASN.1 structure.

And the result (using BouncyCastle in Java) is:

04067c432c80857e3bd3c437cf6617309768f5ad1a0875d576feda7badf95bb2d572471b75afee6e089ad1128e4b8d587d2b755edf23d0f560dabfdcd66ce1e3c52eca632f28246eb626c148857b1e04b112ac9e2030551b39a87e

I can't decode it with an ASN.1 decoder.

However, I got another ECIES result using OpenSSL in C, which is:

304b04210355f43b1936c7d95da83056240032b334334d5166108a37e74b3b1cceebe1d8e00410da784547fd402c00f9aff3d2c2b1a4f50414bec74472761453d0ce9abfee81693c895d5b5840

And I obtained the ASN.1 structure:

       SEQUENCE {
          OCTETSTRING 0355f43b1936c7d95da83056240032b334334d5166108a37e74b3b1cceebe1d8e0
          OCTETSTRING da784547fd402c00f9aff3d2c2b1a4f5
          OCTETSTRING bec74472761453d0ce9abfee81693c895d5b5840
       }

Which I guess is R||c||d according to Integrated_Encryption_Scheme, but what is the BouncyCastle result? I want to use OpenSSL to encrypt and BouncyCastle to decrypt; are there any suggestions?

Jswq

1 Answer

3

The public key structure is an X.509 SubjectPublicKeyInfo for an ECC (public) key, using explicit format instead of the (more common and popular) 'named' format. SPKI is a generic ASN.1 structure that supports multiple (and extensible) algorithms:

SEQUENCE {
    AlgorithmIdentifier = SEQUENCE {
        algorithm: OBJECT IDENTIFIER -- identifies the algorithm
        parameters: ASN.1 type and content varies depending on algorithm
    }
    publickey: BITSTRING -- content varies depending on algorithm
}

The algorithm-dependent parts for ECC are detailed in RFC 3279 section 2.3.5 and yours has an explicit description of a curve over a prime field with 256-bit prime beginning 8542 in hex, coefficients beginning 7879 and 63e4, base point with X coordinate beginning 421d, and claimed order slightly less than the prime but cofactor 4 which doesn't make sense to me; and a public key/point on that curve with X coordinate beginning 0ae4.

SPKI is the format Java crypto calls 'X.509' (X509EncodedKeySpec) and OpenSSL calls PUBKEY.

The BouncyCastle IES output is created at the end of encryptBlock in the source here for org.bouncycastle.crypto.engines.IESEngine as the concatenation of 'V' the sender's ephemeral public key, 'C' the ciphertext, and 'T' the MAC tag, without any delimiters or other added structure. Your posted value is 91 bytes, beginning 04 meaning uncompressed, and for a 256-bit curve uncompressed V is 65 bytes, leaving 26 for ciphertext plus MAC, which seems unlikely; could your data be truncated or otherwise damaged?

dave_thompson_085
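The two framings discussed above, split into their parts with Python. This is an added example, not code from the question, the answer, BouncyCastle or OpenSSL. The function names are hypothetical, and the MAC tag length is a parameter the caller must supply because the concatenated form carries no delimiters.

```python
# Hex values copied from the question above.
BC_HEX = ("04067c432c80857e3bd3c437cf6617309768f5ad1a0875d576feda7badf9"
          "5bb2d572471b75afee6e089ad1128e4b8d587d2b755edf23d0f560dabfdcd66ce1e3c5"
          "2eca632f28246eb626c148857b1e04b112ac9e2030551b39a87e")
DER_HEX = ("304b04210355f43b1936c7d95da83056240032b334334d5166108a37e74b3b1cceebe1d8e0"
           "0410da784547fd402c00f9aff3d2c2b1a4f5"
           "0414bec74472761453d0ce9abfee81693c895d5b5840")

def point_len(prefix, field_bytes=32):
    """Length of a SEC1-encoded point, from its leading format byte (as bytes)."""
    if prefix == b"\x04":               # uncompressed: 04 || X || Y
        return 1 + 2 * field_bytes
    if prefix in (b"\x02", b"\x03"):    # compressed: 02/03 || X
        return 1 + field_bytes
    raise ValueError("not a SEC1 point prefix: %r" % prefix)

def split_concatenated(blob, mac_len, field_bytes=32):
    """Split undelimited V || C || T; mac_len must be known out of band."""
    vlen = point_len(blob[:1], field_bytes)
    if len(blob) < vlen + mac_len:
        raise ValueError("blob shorter than point plus MAC tag")
    end = len(blob) - mac_len
    return blob[:vlen], blob[vlen:end], blob[end:]

def _tlv(buf, pos, tag):
    """Read one definite-length TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("expected tag 0x%02x at offset %d" % (tag, pos))
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                        # long form: low 7 bits count the length bytes
        k = n & 0x7F
        if not 1 <= k <= 2 or pos + k > len(buf):
            raise ValueError("unsupported or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("value runs past end of input")
    return buf[pos:pos + n], pos + n

def split_der_octet_strings(der):
    """Parse SEQUENCE { OCTET STRING, ... } into a list of byte strings."""
    body, end = _tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    parts, pos = [], 0
    while pos < len(body):
        value, pos = _tlv(body, pos, 0x04)
        parts.append(value)
    return parts
```

`split_der_octet_strings(bytes.fromhex(DER_HEX))` returns fields of 33, 16 and 20 bytes, the first being a compressed point. `split_concatenated(bytes.fromhex(BC_HEX), mac_len=20)` returns 65, 6 and 20 bytes, which is the 65 + 26 split the answer questions; `mac_len=20` is an assumption borrowed from the 20-byte third field of the OpenSSL output.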