- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Home
- :
- Product Forums
- :
- Wireless Connectivity
- :
- How to verify signatures with a public key length exceeding 512 bits in ECDSA
How to verify signatures with a public key length exceeding 512 bits in ECDSA
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to verify signatures with a public key length exceeding 512 bits in ECDSA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
How to verify signatures with a public key length exceeding 512 bits in ECDSA
The programme is currently being developed using an NXP evaluation board (KW45B41Z-EVK).
I want to verify signatures with ECDSA, but the data length of the public key and signature is larger than 512 bits.
I think I can use the "ECDSA_VerifySignature" function in the NXP library SecLib_ecp256.h, but the comments say to specify the public key and signature in a 64-byte buffer.
In fact, if I use this function to verify the signature, I get an error.
In Python, the public key and signature could be verified correctly even if they exceeded 512 bits.
Please let me know if you know how to use NXP's ECDSA function to verify public keys and signatures that exceed 512 bits.
Thanks in advance for any help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your response.
We would like to implement a digital signature verification function.
Please forgive the lengthy explanation.
The configuration consists of data from a client (KW45B41Z-EVK board), signed by the server and verified with a public key. (Signatures and public keys are generated using OpenSSL or similar).
It has been confirmed that the public key and signature generated by the server can be correctly verified by the Python signature verification programme.
Having verified that the private key, public key, signature data and signature are generated correctly, the next step is to check whether the same can be achieved with the program implemented on the KW45B41Z-EVK board.
After checking the security library, we thought that the verification functions defined in <SecLib_ecp256.h> could be used, so we implemented and verified them.
The function used was the following function.
----------------------------------------------------------
ECDSA_VerifySignature(const uint8_t *pPubKey,
const uint8_t *pDigest,.
uint16_t DigestLen,.
const uint8_t *pSignature);
[size of parameters used].
pPubKey: previously known public key (91 bytes)
pDigest: hash value (32 bytes) generated by SHA256 function.
DigestLen : 32
pSignature: 70 bytes
----------------------------------------------------------
The result was not Success.
We are investigating that the ECDSA_VerifySignature function may have been used incorrectly, but the cause has not been identified.
Corresponding function comment in <SecLib_ecp256.h>.
-------------------------------------------
* @Param [in] pPubKey Pointer to a 64 byte buffer containing the public key (x,y).
* The public key is stored as a concatenation x||y with x and y being in BE format.
* @Param [in] pDigest Pointer to a buffer of byte length digestLen containing the message digest in BE format.
* @Param [in] DigestLen Byte length of the passed message digest.
* @Param [in] pSignature Pointer to a 64 byte buffer containing the generated signature (r,s).
* The signature is stored as the concatenation r||s with the integers r and s being in BE
* format.
-------------------------------------------
This comment states that it is a 64 byte buffer and I was wondering if the public key and signature parameters I am trying to use cannot possibly be used in the ECDSA_VerifySignature function, so I asked the community members a question.
There was also a statement that format = big endian, so I tried reversing the order of the data, but the result was the same NG.
Thank you in advance for your help.
nxf77486
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Thank you for contacting NXP support.
Can you please help me providing more details pf what you are looking to do with this keys and signatures. Where are you planning to use this and how.
This t proportionate a solution and proper response.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear NXP Support staff.
We have searched your SDK to implement a digital signature verification function in the KW45B41Z-EVK and found the ECDSA_VerifySignature function.
Therefore, we are planning to use this function to implement ECDSA signature verification with public keys and signatures of 64 bits or more.
Therefore, we tried to implement the signature verification process with this function on a trial basis, and it resulted in a verification error.
We have confirmed that the signature and public key we used can correctly verify the signature in the Python program, and there are no mistakes in the data.
I would like to know if the ECDSA_VerifySignature function is the right function to use when verifying signatures with signatures and public keys longer than 64 bytes.
We would also like to know if there are any other appropriate functions other than the ECDSA_VerifySignature function.
Thank you in advance for your help.
nxf77486
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
In this case you are correct the ECDSA functionality is the function you should use for verifying signature with public ones.
We do not have any other functions that can support this type of feature.
Please let me know if there is anything else where I can help you.
