Erlang crypto:sign ecdh prime256v1 - Couldn't get ECDSA private key

Question

I try to implement VAPID Claim, that use ECDH signature with prime256v1 curve.

Here the code:

test() ->
  Msg = <<"test">>,
 {PubKey, PrivKey} = crypto:generate_key(ecdh, prime256v1),

 ?LOG(notice,"PubKey:~p~n",[PubKey]),
 ?LOG(notice," PrivKey:~p~n",[PrivKey]),

 Signature = crypto:sign(ecdsa,sha256,Msg,PrivKey),
 ?LOG(notice,"~p~n",[Signature]).

When I run it, I got error message:

** exception error: {badarg,{"pkey.c",363},"Couldn't get ECDSA private key"}
 in function  crypto:sign/5 (crypto.erl, line 1455)
    *** argument 4: Couldn't get ECDSA private key
    *** (Found in the internal file pkey.c at line 363)

Any idea how to fix it?

Answer 1

Found solution in enter link description here

Should be

test() ->
 Msg = <<"test">>,
 {PubKey, PrivKey} = crypto:generate_key(ecdh, prime256v1),

 ?LOG(notice,"PubKey:~p~n",[PubKey]),
 ?LOG(notice," PrivKey:~p~n",[PrivKey]),

 Signature = crypto:sign(ecdsa,sha256,Msg,[PrivKey,prime256v1]),
 Signature.

Answer 2

There is no such thing as an “ECDH signature”. ECDH is a key agreement (sometimes called key exchange) algorithm. ECDSA is a signature algorithm.

ECDH and ECDSA use the same mathematical objects¹ as keys, but if you tell a crypto library that a key is for a certain algorithm, it will often prevent you from using that key for a different algorithm (because that's potentially a mistake that opens a security hole). I'm not familiar with Erlang and I don't know whether its crypto library implements this check, but if it does, that's a good thing.

VAPID uses an ECDSA signature.

So change your code to

 {PubKey, PrivKey} = crypto:generate_key(ecdsa, prime256v1),

¹ _{A key pair on a Weierstrass elliptic curve. Depending on whose terminology you use, ECDH may also encompass a very similar key exchange algorithm with a key pair on a a Montgomery curve, for which ECDSA is not defined.}