Join Log in
Score:0
wick avatar Crypto

ECC Public key import understanding

lv flag
wick

I am working out ICAO verification process (biometric IDs), and here is one of their publicly available certificates:

# openssl x509 -in 492F0116.crt -text -noout
Certificate:
Data:
    Version: 3 (0x2)
    Serial Number: 1227817238 (0x492f0116)
    Signature Algorithm: ecdsa-with-SHA256
    Issuer: C = GB, O = UKKPA, CN = Country Signing Authority
    Validity
        Not Before: Feb  1 00:00:00 2022 GMT
        Not After : Jun  1 00:00:00 2033 GMT
    Subject: C = GB, O = HM Passport Office, OU = London, CN = Document Signing Key 37
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
            Public-Key: (256 bit)
            pub:
                04:1a:35:73:02:b5:21:4a:7d:b7:00:03:55:53:f8:
                c3:7a:d4:f1:93:ca:b0:d8:4b:a6:4b:68:e4:ce:fa:
                71:f7:08:4b:9e:e8:47:33:b9:f4:b6:03:b1:2d:94:
                e9:47:bf:60:f9:2d:3b:19:47:7f:7d:e1:2d:e7:55:
                00:fd:e2:2c:b2
            Field Type: prime-field
            Prime:
                00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                ff:ff:ff
            A:
                00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                ff:ff:fc
            B:
                5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
                bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
                60:4b
            Generator (uncompressed):
                04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
                40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
                98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
                7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
                68:37:bf:51:f5
            Order:
                00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
                ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
                63:25:51
            Cofactor:  1 (0x1)
            Seed:
                c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
                b7:81:9f:7e:90
    X509v3 extensions: ...

I tried to import this certificate to python ECC and I am always getting:

File "C:\Users\snowx\miniconda3\lib\site-packages\Crypto\PublicKey\ECC.py", line 1757, 
in import_key
raise ValueError("Invalid DER encoding inside the PEM file")

ValueError: Invalid DER encoding inside the PEM file

So, that is the first question. But more importantly, could someone point me out what all those A/B parameters are i.e. what curve is used here?

Original cert:

-----BEGIN CERTIFICATE-----
MIIESTCCA9CgAwIBAgIESS8BFjAKBggqhkjOPQQDAjBBMQswCQY
DVQQGEwJHQjEOMAwGA1UEChMFVUtLUEExIjAgBgNVBAMTGUNvdW50cnkgU2lnbmluZyBBdXRob3
JpdHkwHhcNMjIwMjAxMDAwMDAwWhcNMzMwNjAxMDAwMDAwWjBdMQswCQYDVQQGEwJHQjEbMBkGA
1UEChMSSE0gUGFzc3BvcnQgT2ZmaWNlMQ8wDQYDVQQLEwZMb25kb24xIDAeBgNVBAMTF0RvY3Vt
ZW50IFNpZ25pbmcgS2V5IDM3MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP/
///8AAAABAAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA//
/////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTa
mZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n
60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8YyV
RAgEBA0IABBo1cwK1IUp9twADVVP4w3rU8ZPKsNhLpkto5M76cfcIS57oRzO59LYDsS2U6Ue/YP
ktOxlHf33hLedVAP3iLLKjggGkMIIBoDBCBgNVHREEOzA5gSVkb2N1bWVudC50ZWNobm9sb2d5Q
GhvbWVvZmZpY2UuZ292LnVrpBAwDjEMMAoGA1UEBxMDR0JSMCsGA1UdEAQkMCKADzIwMjIwMjAx
MDAwMDAwWoEPMjAyMjA1MDQwMDAwMDBaMA4GA1UdDwEB/wQEAwIHgDBjBgNVHRIEXDBapBAwDjE
MMAoGA1UEBxMDR0JSgR9kb2N1bWVudC50ZWNobm9sb2d5QGhtcG8uZ292LnVrgSVkb2N1bWVudC
50ZWNobm9sb2d5QGhvbWVvZmZpY2UuZ292LnVrMBkGB2eBCAEBBgIEDjAMAgEAMQcTAVATAlBUM
F0GA1UdHwRWMFQwUqBQoE6GIGh0dHBzOi8vaG1wby5nb3YudWsvY3NjYS9HQlIuY3JshipodHRw
czovL3BrZGRvd25sb2FkMS5pY2FvLmludC9DUkxzL0dCUi5jcmwwHwYDVR0jBBgwFoAUSZ5HMCe
FIMV8/BGAJOFMFWKiSdYwHQYDVR0OBBYEFCIKxfq2Ho9x3fNyE9fT6M5hqgrKMAoGCCqGSM49BA
MCA2cAMGQCMBjGy+hBmbfWZXFsSuF7y7X5vzhZO4AaPVo9O/fyVykvatkwB1y/CPKe+RRNVcVRt
wIwYAEZZtxVcysQQbITnoyaCgnUlUh7FkjF82uLm2IZAfQMd7nNWiZolXcBMsFuIeIp
-----END CERTIFICATE-----
181
1 + 2
wick avatar
lv flag
wick
I think I see the math behind it: https://loup-vaillant.fr/tutorials/cofactor but in practical terms - what library can handle it?
0
Reply
SAI Peregrinus avatar
si flag
SAI Peregrinus
Programming questions are off-topic here. That said, you've got a *certificate*, not just a public key, so importing a public key won't work. You have to import the certificate to Python and extract the key (or extract the key and import that).
1
Reply
Score:2
SAI Peregrinus avatar Crypto
si flag
SAI Peregrinus

The curve used looks to be NIST P-256 AKA SECG SECP256r1 AKA x.962 prime256v1 (it's got lots of names because lots of organizations standardized it).

The programming portion of the question is off-topic for this site, particularly as you didn't state which library you're using so we can't even look up the documentation for it. However, there's almost certainly a way to import an x.509 Certificate (what you have) and to get the public key from that imported object. If not, the commonly-used pyca/cryptography library can do so.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.