Correction. Re: Creating an EC Public Key using Named Curves

Anders Rundgren anders.rundgren.net at gmail.com
Tue Oct 8 20:35:27 UTC 2013


Pardon me.  It was actually BC 1.45 which screw-up, not JDK 7.
Anyway, the bottom line (for me as developer...) is that BC and JDK 7 are
incompatible at the src level.

thanx
Anders

On 2013-10-08 17:41, Vincent Ryan wrote:
> Currently, there is no public API for named curves.
> 
> However you can generate named curves using the SunEC provider and the ECParameterSpec class.
> For example,
> 
>         AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC", "SunEC");
>         parameters.init(new ECGenParameterSpec("secp256r1"));
>         ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
> 
>         return KeyFactory.getInstance("EC", "SunEC").generatePublic(new ECPublicKeySpec(new ECPoint(x, y), ecParameters));
> 
> 
> It's not elegant but the list of supported named curves can be extracted from the AlgorithmParameters.EC SupportedCurves
> property. For example,
> 
>         String[] curves = Security.getProvider("SunEC")
>             .getProperty("AlgorithmParameters.EC SupportedCurves")
>             .split("\\|");
>         for (String curve : curves) {
>             System.out.println(curve.substring(1, curve.indexOf(",")));
>         }

Thanx Vicent,

I guess this is new for JDK 7.

Unfortunately I seem to be stuck with BC because a serialized named
ECPublicKey in JDK 7 uses a different (and IMHO incorrect) format which
makes it impossible to sign a public key in an interoperable way.

Note: I used Oracle's JDK 7 on Windows but I assume it is the same for OpenJDK.

thanx
Anders Rundgren


> 
> 
> 
> 
> On 8 Oct 2013, at 13:53, Anders Rundgren wrote:
> 
>> If you have the X and Y points and the name of a public key you can create a ECPublicKey using BouncyCastle.
>> I cannot find any counterpart in JDK 7.  What am I missing?
>>
>> BC:
>>
>> return KeyFactory.getInstance ("EC").generatePublic (new ECPublicKeySpec (new ECPoint (x, y), new ECNamedCurveSpec (name,...)));
>>
>> Cheers
>> Anders
> 




More information about the security-dev mailing list