All I need are to get a private and public keypair for ECDSA. Stanford Javascript Crypto Library does it in a non-standard way ( /?fromgroups#!topic/sjcl-discuss/UaWUyMWS3Rs ) and that's useless to me - like what's the point of making a MD5 library that gives different results to everything else?
Is there an actual, working way to use ECDSA in javascript?
All I need are to get a private and public keypair for ECDSA. Stanford Javascript Crypto Library does it in a non-standard way ( https://groups.google./forum/?fromgroups#!topic/sjcl-discuss/UaWUyMWS3Rs ) and that's useless to me - like what's the point of making a MD5 library that gives different results to everything else?
Is there an actual, working way to use ECDSA in javascript?
Share Improve this question asked Jan 6, 2013 at 9:12 apscienceapscience 7,27311 gold badges57 silver badges89 bronze badges 1- Basically I would stay away from SJCL. Simple reason: multiple issues like this have been found - including very serious verification mistakes, and although Mike seems to know what he's talking about, the library is just not tested well enough for a cryptographic library to be used. I would seriously try to get around issues by using SSL (for browser based crypto) or a wrapper library (for "local" development). Note that I wrote a Java patability library, so I would rather promote the software. – Maarten Bodewes Commented Jan 6, 2013 at 19:50
2 Answers
Reset to default 7The jsrsasign 4.0.0 now supports ECDSA signing and verification with EC private and public key.
http://kjur.github.io/jsrsasign/
I think this meets your needs. Here is a demo page.
http://kjur.github.io/jsrsasign/sample-ecdsa.html
First of all, the ment you link to talks about the format of the ECDSA signature, not the keypair. Secondly, it is a bit misleading:
The output from the ECDSA algorithm is two integers in the interval [1, n-1]. The ECDSA standard (FIPS 183-3) does not specify way a standard method to encode this pair of numbers as a array of bytes.
One way is by encapsulating the numbers in an ASN.1 SEQUENCE. This is the way specified by ANSI X9.62 and RFC3278. It is the standard output from Java and (AFAIR) Microsoft CNG/.NET.
Another way is by left-padding the numbers with zeroes so they have the same byte-length as n and then just concatenating them. This is done by PKCS#11 and most smartcard implementations.
If I read the source code correctly, the SJCL encodes the ECDSA signature in the second way. You can easily convert this format to the first one.