elliptic | Fast Elliptic Curve Cryptography in plain javascript | Cryptography library

To get more info on why your program is failing you can output the program info log. Add the following debugging code between linking and using the program:

I can suggest two things to try out:

1. JwtBuilder signWith(SignatureAlgorithm var1, Key var2) is deprecated. Can you try using JwtBuilder signWith(Key var1, SignatureAlgorithm var2) , and see if that succeeds?
2. If not, you can try using bountycastle , which does work for me. Following is the code snippet for getting the private key.

I am answering my own question for case someone find it useful. As suggested by Michael a possible workaround is to use "jsrsasign" library and KEYUTIL functions. After having installed jsrsasign, the following code imports ECDSA private key on both Chrome and Firefox.

As far as I know, the NodeJS crypto module does not support the X.509/SPKI format for the public key in ECDH context, but only the raw key. However, it is possible to derive the raw key from the X.509/SPKI key.

The X.509/SPKI key generated with the WebCrypto code encapsulates the raw (more precisely uncompressed) key, 0x04 + + , which is localized at the end. For P-256 aka prime256v1 the last 65 bytes correspond to the raw key. The front part is identical for different P-256 keys.

This way, in the NodeJS code, the raw key for P-256 can be determined as the last 65 bytes from the X.509/SPKI key.
Similarly, the front part of the X.509/SPKI key can be concatenated with the raw key generated with the NodeJS code, thus converting the raw key to the X.509/SPKI format.

The NodeJS code for this is:

I am not 100% sure that I understand what you are trying to do, however, the reason that you are getting an out-of-bounds error is that

1. You establish the value x here:

ECDiffieHellmanCng(CngKey.Create(CngAlgorithm.ECDsaP256))
This implies there is some kind of difference between the key types.

When you try to initialize an ECDiffieHellmanCng using a CngKey during runtime is verifies that the CngKey that you provided is part of a particular list of algorithms, MSDN calls them the Elliptic Curve Diffie-Hellman (ECDH) algorithm group, which has four valid AlgorithmGroup names ECDH,ECDiffieHellman,ECDiffieHellmanCng, and System.Security.Cryptography.ECDiffieHellmanCng, which all refer to the same implementation.

When you create a CngKey with CngAlgorithm.ECDiffieHellmanP256 you get a valid ECDH key who's AlgorithmGroup is ECDH, which is valid as a parameter to create a ECDiffieHellmanCng to perform key exchanges.

However, when you create a CngKey with CngAlgorithm.ECDsaP256 you get a key with an AlgorithmGroup of ECDSA which is not a valid AlgorithmGroup to create a ECDiffieHellmanCng to perform key exchanges.

The ECDSA AlgorithmGroup is used to denote a CngKey who's purpose to to perform Elliptic-curve Digital Signatures, and explicitly not perform key exchanges. This key can't be used with a ECDiffieHellmanCng to perform key exchanges because it most probably does not contain enough, valid and/or secure information to perform key exchanges with another party.

You're able to construct valid EC signatures using ECDsaCng with both ECDH and ECDSA CngKeys because they both contain enough, valid, or secure information to construct and perform a digital signatures. However, the reverse is not the same due to the limitations MSDN created when performing key exchanges, with their implementation of ECDiffieHellmanCng, in addition to the probable missing information/format the ECDSA CngKey key prevents the proper calculation of a key exchange.

We can verify this information with a short test script

As kelalaka pointed out in a comment on the original post, I was confusing the the order of the group and the finite field F_p. I was getting values modulo the Group Order, when I should've been using the values modulo prime p used to define the finite field.

The new and correct result I get is:

In elliptic curve cryptography the private key is simply a large random number in some range, usually 0 - 2^256, the range is defined by curve itself though, usually the order of some cyclic subgroup, or the entire curve order when dealing with prime order curves.

ECC is used for many things, Elliptic Curve Diffie Hellman, Elliptic Curve Signature (ECDSA) they all require scalar multiplication of a given private key by the curve's generator point to establish the public key.

These scalar multiplication functions are implemented differently for various security and efficiency reasons.

In short are three types of multiplication function:

• Fixed-base
• Variable-base
• Double-base

ECDSA uses fixed-base, ECDH uses variable-base.

There is intuition here, during ECDH you must multiply your private key by someone else's "variable" public point.

Anyway, to use Brainpool, you must generate a key suitable for that curves order, and multiply it by the curves generator point. Usually most API's allow specification of the curve.

By the way, don't use Brainpool, it sucks.

For your code example, you can use Expanded for your TextView widget.