TechQA.

GCP KMS - Elliptic curve Signature

143 views Asked by At

I am using google cloud KMS to manage my keys. Using JAVA client libs to interact with KMS. I receive byte array as a signature of a message as below

        byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);

        // Calculate the digest.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] hash = sha256.digest(plaintext);

        // Build the digest object.
        Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();

        // Sign the digest.
        AsymmetricSignResponse result = client.asymmetricSign(keyVersionName, digest);

        byte[] signature = result.getSignature().toByteArray();

How to get a pair to integers {r, s} as a signature as stated here

google-cloud-platform digital-signature elliptic-curve google-cloud-kms key-management
Original Q&A
1

There are 1 answers

0
bdhess On BEST ANSWER

R and S are packed into an Ecdsa-Sig-Value ASN.1 structure. The most straightforward way to extract them would be to rely on a library like BouncyCastle that can read the ASN.1 sequence. For example

import java.math.BigInteger;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;

private static BigInteger[] extractRandS(byte[] asn1EncodedSignature) {
    ASN1Sequence seq = ASN1Sequence.getInstance(asn1EncodedSignature);
    BigInteger r = ((ASN1Integer) seq.getObjectAt(0)).getValue();
    BigInteger s = ((ASN1Integer) seq.getObjectAt(1)).getValue();
    return new BigInteger[]{r, s};
}

Related Questions in GOOGLE-CLOUD-PLATFORM

Related Questions in DIGITAL-SIGNATURE

Related Questions in ELLIPTIC-CURVE

Related Questions in GOOGLE-CLOUD-KMS

Related Questions in KEY-MANAGEMENT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions