Score:1

JavaScript SubtleCrypto - Is there a way to convert the ECDSA keys into a more "portable" format and preferably shorter?

st flag

I asked this question on StackOverflow but it seems like it's more appropriate for this Crypto community.

I am using the browser built in SubtleCrypto library in javascript to generate public and private keys as such:

let keyPair = await crypto.subtle.generateKey(
    {
        name: "ECDSA",
        namedCurve: "P-521",
    },
    true,
    ['sign', 'verify']
)
console.log(keyPair)
let exportedPublicKey = await crypto.subtle.exportKey("jwk", keyPair.publicKey)
let exportedPrivateKey = await crypto.subtle.exportKey("jwk", keyPair.privateKey)
console.log(exportedPublicKey)
console.log(exportedPrivateKey)

This generates the following (just a test key):

enter image description here

Is there a way to convert the exported keys into a bit more "portable" format? Something which isn't JSON, isn't super long, maybe hex format? Maybe compressed format?

I tried passing "raw" instead of "jwk" for the exportKey function and that returns an "Operation is not supported" error because it's probably not supported for this format.

For example, Eth-Crypto has a publicKey.compress() way to compress the public key into a short enough string: '03a34d6aef3eb42335fb3cacb59478c0b44c0bbeb8bb4ca427dbc7044157a5d24b'

https://github.com/pubkey/eth-crypto#createidentity

Similarly, Schnorr keys are also pretty short.

One of the comments to my question says that I can extract the parameters d, x and y and With x and y, creating the uncompressed/compressed key is trivial.

However, I am not sure how to do the second part regarding creating the uncompressed/compressed key from the extracted x, y and d. How can I do that?

dave_thompson_085 avatar
cn flag
For general EC crypto, there are several other portable representations (PKCS8 and SPKI, OpenPGP, also OpenSSH 'new' to an extent) but they aren't shorter. For some cryptocurrencies there are shorter forms that are limited to only one curve and thus are not portable; in particular the Ethereum form you show is only for secp256k1 not P521 (secp521r1).
sudoExclaimationExclaimation avatar
st flag
@dave_thompson_085 even if not shorter, how can I convert the JWK format to a hex/byte string format?
fgrieu avatar
ng flag
Standard format for the point forming a compressed ECDSA public key is in [sec1v2, §2.3.3](https://www.secg.org/sec1-v2.pdf#subsubsection.2.3.3), case 3. For P-521 that's 67 bytes: the byte 02 or 03 according to the low-order bit of $y\bmod p$, and 66 bytes coding $x\bmod p$ (big-endian). Some wrap this in the ASN.1 encoding for the full public key, see [appendix C.3](https://www.secg.org/sec1-v2.pdf#subsection.C.3). Extra attributes and text encoding are application-dependent, and largely off-topic. Libraries to perform this are off-topic. [Cross-posted](https://stackoverflow.com/q/76321459).
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.