coldcore | Trustminimized Bitcoin wallet | Cryptography library

by jamesob Python Version: Current License: MIT

Download this library from

kandi X-RAY | coldcore Summary

coldcore is a Python library typically used in Security, Cryptography, Bitcoin applications. coldcore has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. However coldcore build file is not available. You can download it from GitHub.

A trust-minimized Bitcoin wallet interface that relies only on Bitcoin Core. In short, this is the easiest way to do air-gapped wallet management with Bitcoin Core, Coldcard, and not much else.

Support

Quality

Security

License

Reuse

kandi-support Support

coldcore has a low active ecosystem.
It has 111 star(s) with 12 fork(s). There are 11 watchers for this library.
It had no major release in the last 12 months.
There are 20 open issues and 14 have been closed. On average issues are closed in 21 days. There are no pull requests.
It has a neutral sentiment in the developer community.
The latest version of coldcore is current.

coldcore Support

Best in #Cryptography

Average in #Cryptography

coldcore Support

Best in #Cryptography

Average in #Cryptography

quality kandi Quality

coldcore has 0 bugs and 0 code smells.

coldcore Quality

Best in #Cryptography

Average in #Cryptography

coldcore Quality

Best in #Cryptography

Average in #Cryptography

security Security

coldcore has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
coldcore code analysis shows 0 unresolved vulnerabilities.
There are 0 security hotspots that need review.

coldcore Security

Best in #Cryptography

Average in #Cryptography

coldcore Security

Best in #Cryptography

Average in #Cryptography

license License

coldcore is licensed under the MIT License. This license is Permissive.
Permissive licenses have the least restrictions, and you can use them in most projects.

coldcore License

Best in #Cryptography

Average in #Cryptography

coldcore License

Best in #Cryptography

Average in #Cryptography

build Reuse

coldcore releases are not available. You will need to build from source code and install.
coldcore has no build file. You will be need to create the build yourself to build the component from source.
Installation instructions, examples and code snippets are available.

coldcore Reuse

Best in #Cryptography

Average in #Cryptography

coldcore Reuse

Best in #Cryptography

Average in #Cryptography

Top functions reviewed by kandi - BETA

kandi has reviewed coldcore and discovered the below as its top functions. This is intended to give you an instant insight into coldcore implemented functionality, and help decide if they suit your requirements.

Run setup .
Draw the board .
Construct a CCWallet from a file - like object .
Get the global configuration from the CLI .
Draw a menu .
Create a config file .
Make a call to the API .
Prepare a spend transaction .
Confirm a broadcast broadcast .
Get an RPC instance .

coldcore Key Features

Zero install process for most platforms

Designed for simplicity and auditability

No GUI, terminal only (curses and command-line)

Works in terms of script descriptors and PSBTs

Minimal dependencies: Bitcoin Core, Python 3 interpreter, nothing else

Supports only airgapped, opensource hardware wallets

Integrates with GPG and pass for secure xpub storage

Design

Status

Usage

Security assumptions

Configuration

FAQ Why is there no GUI? Why do you only support Coldcard? Will you add others? Why did you use Python and not {Rust,Haskell,C++}? Why do you encrypt the config file by default with GPG?

Donate

TODO/Roadmap

coldcore Examples and Code Snippets

See all related Code Snippets

Auditing

Copy

Download

.
├── bin
│&nbsp;&nbsp; ├── compile                    # generates final `coldcore` script
│&nbsp;&nbsp; └── sign_release 
├── coldcore
├── sigs                           # signatures for verification
│&nbsp;&nbsp; └── coldcore-0.1.0-alpha.asc
└── src
    ├── coldcore
    │&nbsp;&nbsp; ├── crypto.py              # a few basic cryptographic utilities
    │&nbsp;&nbsp; ├── __init__.py
    │&nbsp;&nbsp; ├── main.py                # most logic is here; wallet ops, CLI, models
    │&nbsp;&nbsp; ├── test_coldcard.py 
    │&nbsp;&nbsp; ├── test_crypto.py
    │&nbsp;&nbsp; ├── thirdparty
    │&nbsp;&nbsp; │&nbsp;&nbsp; ├── bitcoin_rpc.py     # taken from python-bitcoinlib
    │&nbsp;&nbsp; │&nbsp;&nbsp; ├── clii.py            # taken from jamesob/clii
    │&nbsp;&nbsp; │&nbsp;&nbsp; ├── __init__.py
    │&nbsp;&nbsp; │&nbsp;&nbsp; └── py.typed
    │&nbsp;&nbsp; └── ui.py                  # presentation logic, curses
    ├── requirements-dev.txt
    └── setup.py                   # for development use only

Receiving

Copy

Download

 % ./coldcore newaddr --help
usage: coldcore newaddr [-h] [--num NUM]

optional arguments:
  -h, --help  show this help message and exit
  --num NUM   default: 1

Sending

Copy

Download

% SEND_TO_ADDR=tb1qj2sjxuhxqyfgxkf6kqnthskqtum8hr2zr0l95j

% ./coldcore prepare-send $SEND_TO_ADDR 0.00001
 -- 1 inputs, 2 outputs
 -- fee: 0.00000141 BTC (14.10% of amount)
 ✔  wrote PSBT to unsigned-20201222-0920.psbt - sign with coldcard

% # I transfer the .psbt file to a microSD, sign with the coldcard, and plug
% # the microSD back in...

% ./coldcore broadcast /media/james/3264-6339/unsigned-20201222-0920-signed.psbt
 !  About to send a transaction:

     &lt;- tb1qumfrma8gy08wcfq0ugwknh8cy0cdds5df8lfya  (0.00009859 BTC)

     -&gt; tb1qj2sjxuhxqyfgxkf6kqnthskqtum8hr2zr0l95j  (0.00001000 BTC)  (your address)
     -&gt; tb1qfs2yd54mmdzvrsnzdqk852crzclkn8cfx8cgzf  (0.00008718 BTC)  (your address)

 ?  look okay? [y/N]: y
 ✔  tx sent: d859cfe7a05e70e5d1e734244fb731c988bb29b236bd108529145cf987b8467f
d859cfe7a05e70e5d1e734244fb731c988bb29b236bd108529145cf987b8467f

Comparison to other wallets

Copy

Download

github.com/AlDanial/cloc v 1.86  T=0.04 s (27.3 files/s, 84781.1 lines/s)
-------------------------------------------------------------------------------
Language                     files          blank        comment           code
-------------------------------------------------------------------------------
Python                           1            673            313           2123
-------------------------------------------------------------------------------

Donate

Copy

Download

See all related Code Snippets

Community Discussions

Trending Discussions on Cryptography

ECSDA sign with Python, verify with JS
How to calculate sha 512 hash properly in .NET 6
Crypto-js encryption and Python decryption using HKDF key
Exception "System.Security.Cryptography.CryptographicException" after Publishing project
Chaum blind signature with blinding in JavaScript and verifying in Java
KJUR jws jsrsasign: Cannot validate ES256 token on JWT.io
Is it possible to get ISO9796-2 signature with Trailer = 'BC' in Javacard?
How to transfer custom SPL token by '@solana/web3.js' and '@solana/sol-wallet-adapter'
From base64-encoded public key in DER format to COSE key, in Python
Why are signatures created with ecdsa Python library not valid with coincurve?

Trending Discussions on Cryptography

QUESTION

ECSDA sign with Python, verify with JS

Asked 2022-Apr-10 at 18:16

I'm trying to achieve the exact opposite of this here where I need to sign a payload in Python using ECDSA and be able to verify the signature in JS.

Here is my attempt, but I'm pretty sure I'm missing something with data transformation on either or both ends.

(Key types are the same as in the answer provided to the question above)

I've tried some other variations but nothing worked so far.

(The verification on JS returns False)

Python:

import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import (
    encode_dss_signature,
    decode_dss_signature
)
from cryptography.hazmat.primitives.serialization import load_der_public_key, load_pem_private_key, load_der_private_key

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives import hashes
from cryptography.exceptions import InvalidSignature
import base64
import json
from hashlib import sha256



def order_dict(dictionary):
    return {k: order_dict(v) if isinstance(v, dict) else v
            for k, v in sorted(dictionary.items())}


async def sign_payload(private_key, data):
    """
    Generate a signature based on the data using the local private key.
    """
    data = order_dict(data)

    # Separators prevent adding whitespaces around commas and :
    payload = json.dumps(data, separators=(',', ':')).encode('utf-8')

    # payload = base64.b64decode(json.dumps(data, separators=(',', ':')))

    sig = private_key.sign(
        payload,
        ec.ECDSA(hashes.SHA256())
    )

    return sig

JS:

export function b642ab(base64_string){
  return Uint8Array.from(window.atob(base64_string), c => c.charCodeAt(0));
}


export async function verifySignature(signature, public_key, data_in) {
  // Sorting alphabetically to avoid signature mismatch with BE
  const sorted_data_in = sortObjKeysAlphabetically(data_in);

  var dataStr = JSON.stringify(sorted_data_in)
  console.log(dataStr)

  var dataBuf = new TextEncoder().encode(dataStr)

  return window.crypto.subtle.verify(
    {
      name: "ECDSA",
      namedCurve: "P-256",
      hash: { name: "SHA-256" },
    },
    public_key,
    b642ab(utf8.decode(signature)),
    dataBuf
  );
}

await sign_payload(private_dsa_key, generated_payload)

ANSWER

Answered 2022-Apr-10 at 18:16

The main problem is that both codes use different signature formats:
sign_payload() in the Python code generates an ECDSA signature in ASN.1/DER format. The WebCrypto API on the other hand can only handle the IEEE P1363 format.
Since the Python Cryptography library is much more convenient than the low level WebCrypto API it makes sense to do the conversion in Python code.

The following Python code is based on your code, but additionally performs the transformation into the IEEE P1363 format at the end:

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.hazmat.primitives import hashes
import base64
import json

#def order_dict(dictionary):
#    return {k: order_dict(v) if isinstance(v, dict) else v
#            for k, v in sorted(dictionary.items())}

def sign_payload(private_key, data):
    """
    Generate a signature based on the data using the local private key.
    """    
    
    #order_dict(data) # not considered!

    # Separators prevent adding whitespaces around commas and :
    payload = json.dumps(data, separators=(',', ':')).encode('utf-8')
    print(payload.decode('utf-8'))

    sig = private_key.sign(
        payload,
        ec.ECDSA(hashes.SHA256())
    )

    return sig

privateKeyPem = b'''-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgrW9XiIs4/Kb0q8kl
TmF3oIwSn4NO3xAjs08F0lJ/5UOhRANCAAQykdP4c0ozvOOHHSNkMfLNCWRstXTG
TQf9MWjqB9PbeKyHnxuU82FisUjnVD9zO+QDAK0tnP/qzWf8zxoD0vVW
-----END PRIVATE KEY-----'''

privateKey = load_pem_private_key(privateKeyPem, password=None, backend=default_backend())
data = {"key1": "value1", "key2": "value2"}
signatureDER = sign_payload(privateKey, data)

# Convert signature format
(r, s) = decode_dss_signature(signatureDER)
signatureP1363 = r.to_bytes(32, byteorder='big') + s.to_bytes(32, byteorder='big')
print(base64.b64encode(signatureP1363).decode('utf-8'))

A possible output is:

{"key1":"value1","key2":"value2"}
KIkBK4pxSFq/UdsPb/mYCC3y7iAJlULC/jizNp9DrvFFIvZaUjx/M0SAQC7CeBIlLmKzfkGx1fOr7OJ8VlwAdg==

Note that for this test, the order_dict(data) call is commented out, since the JavaScript counterpart was not posted.

In the JavaScript code, remove the utf8.decode() when Base64 decoding the signature. Apart from that the code is OK. The following JavaScript code is based on your code, with the addition of the key import:

(async () => {

     var x509pem = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMpHT+HNKM7zjhx0jZDHyzQlkbLV0
xk0H/TFo6gfT23ish58blPNhYrFI51Q/czvkAwCtLZz/6s1n/M8aA9L1Vg==
-----END PUBLIC KEY-----`
     var public_key = await importPublicKey(x509pem)
     var data_in = {
         key1: "value1",
         key2: "value2"
     }
     var signature = "KIkBK4pxSFq/UdsPb/mYCC3y7iAJlULC/jizNp9DrvFFIvZaUjx/M0SAQC7CeBIlLmKzfkGx1fOr7OJ8VlwAdg=="
     var verified = await verifySignature(signature, public_key, data_in)
     console.log(verified);
  
})();

function b642ab(base64_string){
     return Uint8Array.from(window.atob(base64_string), c => c.charCodeAt(0));
}

async function verifySignature(signature, public_key, data_in) {
    // Sorting alphabetically to avoid signature mismatch with BE
  
    //const sorted_data_in = sortObjKeysAlphabetically(data_in);
    //var dataStr = JSON.stringify(sorted_data_in)
    var dataStr = JSON.stringify(data_in)
    console.log(dataStr)

    var dataBuf = new TextEncoder().encode(dataStr)
  
    return window.crypto.subtle.verify(
        {
            name: "ECDSA",
            namedCurve: "P-256",
            hash: { name: "SHA-256" },
        },
        public_key,
        b642ab(signature),
        dataBuf
    );
}

async function importPublicKey(spkiPem) {   
    return await window.crypto.subtle.importKey(
        "spki",
        getSpkiDer(spkiPem),
        {name: "ECDSA", namedCurve: "P-256"},
        false,
        ["verify"]
    );
}

function getSpkiDer(spkiPem){
    const pemHeader = "-----BEGIN PUBLIC KEY-----";
    const pemFooter = "-----END PUBLIC KEY-----";
    var pemContents = spkiPem.substring(pemHeader.length, spkiPem.length - pemFooter.length);
    var binaryDerString = window.atob(pemContents);
    return str2ab(binaryDerString); 
}

function str2ab(str) {
    const buf = new ArrayBuffer(str.length);
    const bufView = new Uint8Array(buf);
    for (let i = 0, strLen = str.length; i < strLen; i++) {
        bufView[i] = str.charCodeAt(i);
    }
    return buf;
}

The message can be successfully verified with the JavaScript code using the signature generated by the Python code.

Note that - analogous to the Python code - sortObjKeysAlphabetically() has been commented out because of the missing implementation.

Source https://stackoverflow.com/questions/71818496

QUESTION

Crypto-js encryption and Python decryption using HKDF key

Asked 2022-Mar-28 at 11:29

Based on the example provided here on how to establish a shared secret and derived key between JS (Crypto-JS) and Python, I can end up with the same shared secret and derived key on both ends.

However, when I try to encrypt as below, I cannot find a way to properly decrypt from Python. My understanding is that probably I am messing with the padding or salts and hashes.

    const payload = "hello"
    var iv = CryptoJS.enc.Utf8.parse("1020304050607080");

    var test = CryptoJS.AES.encrypt(
        payload,
        derived_key,
        {iv: iv, mode: CryptoJS.mode.CBC}
    ).toString();

    console.log(test)

Output "y+In4kriw0qy4lji6/x14g=="

Python (one of the attempts):

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad,unpad

iv = "1020304050607080"

test_enc = "y+In4kriw0qy4lji6/x14g=="
enc = base64.b64decode(test_enc)

cipher = AES.new(derived_key, AES.MODE_CBC, iv.encode('utf-8'))

print(base64.b64decode(cipher.decrypt(enc)))

print(unpad(cipher.decrypt(enc),16))

Any guidance here would be greatly appreciated as I am stuck for quite some time.

(I have encryption working using a password, but struggling with HKDF).

EDIT:

Here is the full Python code:

from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
import base64


from Crypto.Cipher import AES
from Crypto.Util.Padding import pad,unpad


def deriveKey():

  server_pkcs8 = b'''-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBReGpDVmoVTzxNbJx6
aL4L9z1EdB91eonAmAw7mKDocLfCJITXZPUAmM46c6AipTmhZANiAAR3t96P0ZhU
jtW3rHkHpeGu4e+YT+ufMiMeanE/w8p+d9aCslvIbZyBBzeZ/266yqTUUoiYDzqv
Hb5q8rz7vEgr3DG4XfHYpCqfE2nttQGK3emHKGnvY239AteZkdwMpcs=
-----END PRIVATE KEY-----'''

  client_x509 = b'''-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEm0xeyy3nVnYpOpx/CV/FnlNEdWUZaqtB
AGf7flKxXEjmlSUjseYzCd566sLpNg56Gw6hcFx+rWTLGR4eDRWfmwlXhyUasuEg
mb0BQf8XJLBdvadb9eFx2CP1yjBsiy8e
-----END PUBLIC KEY-----'''

  client_public_key = serialization.load_pem_public_key(client_x509)
  server_private_key = serialization.load_pem_private_key(server_pkcs8, password=None)
  shared_secret = server_private_key.exchange(ec.ECDH(), client_public_key)
  print('Shared secret: ' + base64.b64encode(shared_secret).decode('utf8')) # Shared secret: xbU6oDHMTYj3O71liM5KEJof3/0P4HlHJ28k7qtdqU/36llCizIlOWXtj8v+IngF

  salt_bytes = "12345678".encode('utf-8')
  info_bytes = "abc".encode('utf-8')

  derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=salt_bytes,
    info=info_bytes,
  ).derive(shared_secret)
  print('Derived key:   ' + base64.b64encode(derived_key).decode('utf8'))
  return derived_key

derived_key = deriveKey()
iv = "1020304050607080"

test_enc = "y+In4kriw0qy4lji6/x14g=="
enc = base64.b64decode(test_enc)

cipher = AES.new(derived_key, AES.MODE_CBC, iv.encode('utf-8'))

print(base64.b64decode(cipher.decrypt(enc)))

print(unpad(cipher.decrypt(enc),16))

ANSWER

Answered 2022-Mar-28 at 11:29

The issue is that the key is not passed correctly in the CryptoJS code.

The posted Python code generates LefjQ2pEXmiy/nNZvEJ43i8hJuaAnzbA1Cbn1hOuAgA= as Base64-encoded key. This must be imported in the CryptoJS code using the Base64 encoder:

const payload = "hello"
var derived_key = CryptoJS.enc.Base64.parse("LefjQ2pEXmiy/nNZvEJ43i8hJuaAnzbA1Cbn1hOuAgA=")
var iv = CryptoJS.enc.Utf8.parse("1020304050607080");
var test = CryptoJS.AES.encrypt(payload, derived_key, {iv: iv, mode: CryptoJS.mode.CBC}).toString();
document.getElementById("ct").innerHTML = test; // bLdmGA+HLLyFEVtBEuCzVg==

<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
<p style="font-family:'Courier New', monospace;" id="ct"></p>

The hereby generated ciphertext bLdmGA+HLLyFEVtBEuCzVg== can be decrypted with the Python code:

from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import base64

test_enc = "bLdmGA+HLLyFEVtBEuCzVg=="
enc = base64.b64decode(test_enc)
derived_key = base64.b64decode("LefjQ2pEXmiy/nNZvEJ43i8hJuaAnzbA1Cbn1hOuAgA=")
iv = "1020304050607080"
cipher = AES.new(derived_key, AES.MODE_CBC, iv.encode('utf-8'))
print(unpad(cipher.decrypt(enc),16)) # b'hello'

Note that for security reasons, a static IV should not be used so that key/IV pairs are not repeated.

Source https://stackoverflow.com/questions/71632056

QUESTION

Exception "System.Security.Cryptography.CryptographicException" after Publishing project

Asked 2022-Mar-19 at 05:01

Everytime I publish my Blazor Server-project to my website domain, and opening the website, this exception occurs, and there's little to no help Googling it:

And it says AppState.cs: line 21, so here's the codeline for it:

This exception is not happening under debugging localhost. When I delete localStorage from the browser on my website, and refreshing, then everything works. But I don't want my customers having this exception and having to tell them to delete the localstorage everytime I'm publishing.

My Program.cs if necessary:

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor().AddCircuitOptions(options => options.DetailedErrors = true);
builder.Services.AddHttpClient();

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters.ValidateIssuerSigningKey = true; // Validér secret key for JWT
        options.TokenValidationParameters.ValidateLifetime = false; // Validér ikke Lifetime på JWT
        options.TokenValidationParameters.ValidateAudience = false; // Ikke validér clients(audience), fx BlazorWeb, der skal anvende IdentityServer
        options.TokenValidationParameters.ValidateIssuer = false; // Ikke validér IdentityServer(issuer)
        options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["JWT:Secret"])); // Sæt secret key for JWT, der bruges som adgangskode til at tilgå JWT
    });

builder.Services.AddScoped<AuthService>();
builder.Services.AddScoped<AuthenticationStateProvider, AppState>();

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

RewriteOptions options = new RewriteOptions();
options.AddRedirectToWww();
options.AddRedirectToHttps();
app.UseRewriter(options);

app.UseStaticFiles();
app.UseRouting();

app.UseAuthentication();
app.UseAuthorization();

app.MapBlazorHub();
app.MapFallbackToPage("/_Host");

app.Run();

ANSWER

Answered 2022-Mar-16 at 13:16

Try to set Load User Profile to true in your IIS app pool in the advanced settings. see this answer, I hope that will help you!

Source https://stackoverflow.com/questions/71494715

QUESTION

Chaum blind signature with blinding in JavaScript and verifying in Java

Asked 2022-Mar-04 at 16:01

I'm experimenting with Chaum's blind signature, and what I'm trying to do is have the blinding and un-blinding done in JavaScript, and signing and verifying in Java (with bouncy castle). For the Java side, my source is this, and for JavaScript, I found blind-signatures. I've created two small codes to play with, for the Java side:

package crypto;

import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.PSSSigner;
import org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.io.pem.PemObject;

import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Scanner;

public class RsaConcealedMessageTest {
    public static void main(String[] args) {
        AsymmetricCipherKeyPair rsaKeyPair = generateKeyPair();
        Scanner userInput = new Scanner(System.in);

        try {
            printKeyPairPems(rsaKeyPair);

            // Producing signature on concealed message
            System.out.print("Concealed message (in base64)?");
            String concealedMessageBase64 = userInput.nextLine();
            byte[] concealedMessageBytes = Base64.getDecoder().decode(concealedMessageBase64);
            byte[] signatureOnConcealedMessage = signConcealedMessage(concealedMessageBytes, rsaKeyPair.getPrivate());
            System.out.println("Signature on concealed message (base64): " + Base64.getEncoder().encodeToString(signatureOnConcealedMessage));


            // Verifying revealed signature on revealed message
            System.out.print("Revealed message (in base64)?");
            String revealedMessageBase64 = userInput.nextLine();
            System.out.print("Revealed signature (in base64)?");
            String revealedSignatureBase64 = userInput.nextLine();

            byte[] revealedMessageBytes = Base64.getDecoder().decode(revealedMessageBase64);
            System.out.println("Revealed message is: " + new String(revealedMessageBytes));
            byte[] revealedSignatureBytes = Base64.getDecoder().decode(revealedSignatureBase64);

            PSSSigner signer = new PSSSigner(new RSAEngine(), new SHA256Digest(), 0);
            signer.init(false, rsaKeyPair.getPublic());

            signer.update(revealedMessageBytes, 0, revealedMessageBytes.length);
            boolean isVerified = signer.verifySignature(revealedSignatureBytes);
            System.out.println("Revealed signature is verified on revealed message: " + isVerified);

        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private static AsymmetricCipherKeyPair generateKeyPair() {
        RSAKeyPairGenerator generator = new RSAKeyPairGenerator();

        BigInteger publicExponent = new BigInteger("10001", 16);
        SecureRandom random = new SecureRandom();
        RSAKeyGenerationParameters keyGenParams = new RSAKeyGenerationParameters(
                publicExponent, random, 4096, 80
        );

        generator.init(keyGenParams);
        return generator.generateKeyPair();
    }

    private static void printKeyPairPems(AsymmetricCipherKeyPair keyPair) throws IOException {
        RSAKeyParameters publicKey = (RSAKeyParameters) keyPair.getPublic();
        byte[] publicKeyBytes = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicKey).getEncoded();
        printKeyPem("PUBLIC KEY", publicKeyBytes);

        RSAKeyParameters privateKey = (RSAKeyParameters) keyPair.getPrivate();
        byte[] privateKeyBytes = PrivateKeyInfoFactory.createPrivateKeyInfo(privateKey).getEncoded();
        printKeyPem("PRIVATE KEY", privateKeyBytes);
    }

    private static void printKeyPem(String keyType, byte[] keyBytes) throws IOException {
        PemObject pemObject = new PemObject(keyType, keyBytes);
        StringWriter keyStringWriter = new StringWriter();
        JcaPEMWriter pemWriter = new JcaPEMWriter(keyStringWriter);
        pemWriter.writeObject(pemObject);
        pemWriter.close();

        System.out.println(keyType + ": " + keyStringWriter.toString().replace("\n", ""));
    }

    private static byte[] signConcealedMessage(byte[] concealedMessage, AsymmetricKeyParameter privateKey) {
        RSAEngine engine = new RSAEngine();
        engine.init(true, privateKey);

        return engine.processBlock(concealedMessage, 0, concealedMessage.length);
    }
}

The above will generate a keypair, prints the public part to stdout and reads from stdin the blinded message and then the un-blinded message and signature. And for the JavaScript (Node.js) side, I have this:

const BigInteger = require('jsbn').BigInteger;
const BlindSignature = require('blind-signatures');
const NodeRSA = require('node-rsa');
const prompt = require('prompt-sync')();

const publicKeyInput = prompt("Public key in PEM?");
const publicKey = new NodeRSA(publicKeyInput);

// Concealing message
const message = "The quick brown fox jumps over the lazy dog! Hello World!";
const concealingResult = BlindSignature.blind(
    {
        message: message,
        N: publicKey.keyPair.n.toString(),
        E: publicKey.keyPair.e.toString(),
    }
);

const blindedHexStr = concealingResult.blinded.toString(16);
const blindedBuffer = Buffer.from(blindedHexStr, 'hex');

console.log(`\nConcealed message (base64): ${blindedBuffer.toString('base64')}`);
console.log(`\nr: ${concealingResult.r.toString(16)}`);

// Getting signature on concealed message and producing revealed signature
const signatureOnConcealedMessageBase64 = prompt("Signature on concealed message (base64)?");
const signatureOnConcealedMessageBuffer = Buffer.from(signatureOnConcealedMessageBase64, 'base64');
const signatureOnConcealedMessageHex = signatureOnConcealedMessageBuffer.toString('hex');
const signatureOnConcealedMessage = new BigInteger(signatureOnConcealedMessageHex, 16)

const signatureOnRevealedMessage = BlindSignature.unblind({
    signed: signatureOnConcealedMessage,
    N: publicKey.keyPair.n.toString(),
    r: concealingResult.r,
});

const revealedMessageBuffer = Buffer.from(message, 'utf8');
const revealedMessageBase64 = revealedMessageBuffer.toString('base64');
console.log(`\nRevealed message (base64): ${revealedMessageBase64}`);

const signatureOnRevealedMessageHex = signatureOnRevealedMessage.toString(16);
const signatureOnRevealedMessageBuffer = Buffer.from(signatureOnRevealedMessageHex, 'hex');
const signatureOnRevealedMessageBase64 = signatureOnRevealedMessageBuffer.toString('base64');
console.log(`\nSignature on revealed message (base64): ${signatureOnRevealedMessageBase64}`);

This reads the public key, generates the blinded message, and does the un-blinding.

The verification part of the Java code fails, and don't really know why. Does anyone have any idea?

ANSWER

Answered 2021-Dec-13 at 14:56

The blind-signature library used in the NodeJS code for blind signing implements the process described here:

BlindSignature.blind() generates the SHA256 hash of the message and determines the blind message m' = m * r^e mod N.
BlindSignature.sign() calculates the blind signature s' = (m')^d mod N.
BlindSignature.unblind() determines the unblind signature s = s' * r^-1 mod N.
BlindSignature.verify() decrypts the unblind signature (s^e) and compares the result with the hashed message. If both are the same, the verification is successful.

No padding takes place in this process.

In the Java code, the implementation of signing the blind message in signConcealedMessage() is functionally identical to BlindSignature.sign().
In contrast, the verification in the Java code is incompatible with the above process because the Java code uses PSS as padding during verification.
A compatible Java code would be for instance:

RSAEngine engine = new RSAEngine();
engine.init(false, rsaKeyPair.getPublic());
byte[] signatureDecrypted = engine.processBlock(revealedSignatureBytes, 0, revealedSignatureBytes.length);  // calculates s^e          
byte[] messageHashed = MessageDigest.getInstance("SHA-256").digest(revealedMessageBytes);
System.out.println(Arrays.equals(messageHashed, signatureDecrypted)); // verification successfull, if s^e identical with the SHA256 hash of the message

With this code verification is successful.

There seems to be an RFC in the pipeline for blinded signing, which indeed uses an extension of PSS, see draft-irtf-cfrg-rsa-blind-signatures.
BouncyCastle also provides an implementation for blind signing, see e.g. RSABlindingEngine, which is applied by the referenced Java library.

Source https://stackoverflow.com/questions/70324926

QUESTION

KJUR jws jsrsasign: Cannot validate ES256 token on JWT.io

Asked 2022-Mar-03 at 06:41

We are trying to make a JWT token for Apple Search Ads using the KJUR jws library. We are using the API documents from Apple:

https://developer.apple.com/documentation/apple_search_ads/implementing_oauth_for_the_apple_search_ads_api

We are generating a private key (prime256v1 curve):

openssl ecparam -genkey -name prime256v1 -noout -out private-key.pem

Next we are generating a public key from the private key:

openssl ec -in private-key.pem -pubout -out public-key.pem

Next we setup the header and payload:

var tNow = KJUR.jws.IntDate.get('now');
var tEnd = KJUR.jws.IntDate.get('now + 1day');
var teamId = 'SEARCHADS.xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';
var keyId = 'xxxxxx-xxxx-xxxx-xxxxxxxxxxx';
var privateKey = `-----BEGIN EC PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END EC PRIVATE KEY-----`;
  
var oHeader = {
  "alg": "ES256",
  "kid": keyId
}
  
var oPayload = {
  "iss": teamId,
  "iat": tNow,
  "exp": tEnd,
  "aud": "https://appleid.apple.com",
  "sub": clientId
}
   
var sHeader = JSON.stringify(oHeader);
var sPayload = JSON.stringify(oPayload);
  
var sKey = KEYUTIL.getKey({d: privateKey, curve: 'prime256v1'});  
var sResult = KJUR.jws.JWS.sign('ES256', sHeader, sPayload, sKey);

Next we try to validate the JWT token (it has generated a token) on jwt.io but cannot be verified. Apple search ads also throws a invalid_client message. What am i missing? Does anybody have a clue what I am doing wrong here?

Kind regards,

Jack Kwakman

ANSWER

Answered 2022-Mar-02 at 07:47

The issue is caused by an incorrect import of the key.

The posted key is a PEM encoded private key in SEC1 format. In getKey() the key is passed in JWK format, specifying the raw private key d. The PEM encoded SEC1 key is used as the value for d. This is incorrect because the raw private key is not identical to the SEC1 key, but is merely contained within it.

To fix the problem, the key must be imported correctly. jsrsasign also supports the import of a PEM encoded key in SEC1 format, but then it also needs the EC parameters, s. e.g. here. For prime256v1 aka secp256r1 this is:

-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----

These can be created e.g. with OpenSSL as part of the key generation process:

openssl ecparam -name secp256r1 -genkey

With this, the fixed JavaScript code is:

var tNow = KJUR.jws.IntDate.get('now');
var tEnd = KJUR.jws.IntDate.get('now + 1day');
var teamId = 'SEARCHADS.xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';
var keyId = 'xxxxxx-xxxx-xxxx-xxxxxxxxxxx';
var privateKey = `-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIK1vV4iLOPym9KvJJU5hd6CMEp+DTt8QI7NPBdJSf+VDoAoGCCqGSM49
AwEHoUQDQgAEMpHT+HNKM7zjhx0jZDHyzQlkbLV0xk0H/TFo6gfT23ish58blPNh
YrFI51Q/czvkAwCtLZz/6s1n/M8aA9L1Vg==
-----END EC PRIVATE KEY-----`;
  
var oHeader = {
  "alg": "ES256",
  "kid": keyId
}
  
var oPayload = {
  "iss": teamId,
  "iat": tNow,
  "exp": tEnd,
  "aud": "https://appleid.apple.com",
  "sub": "clientId"
}
   
var sHeader = JSON.stringify(oHeader);
var sPayload = JSON.stringify(oPayload);
  
var sKey = KEYUTIL.getKey(privateKey);  
var sResult = KJUR.jws.JWS.sign('ES256', sHeader, sPayload, sKey);

document.getElementById("jwt").innerHTML = sResult;

<script src="https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/10.4.0/jsrsasign-all-min.js"></script>
<p style="font-family:'Courier New', monospace;" id="jwt"></p>

A JWT generated with this code can be successfully verified on https://jwt.io/ using the following public key (associated with the private key above):

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMpHT+HNKM7zjhx0jZDHyzQlkbLV0
xk0H/TFo6gfT23ish58blPNhYrFI51Q/czvkAwCtLZz/6s1n/M8aA9L1Vg==
-----END PUBLIC KEY-----

Of course, as mentioned in the comment, the private key can also be converted to the PKCS#8 format (e.g. with OpenSSL). The import is likewise possible with getKey() (or alternatively KEYUTIL.getKeyFromPlainPrivatePKCS8PEM()):

var tNow = KJUR.jws.IntDate.get('now');
var tEnd = KJUR.jws.IntDate.get('now + 1day');
var teamId = 'SEARCHADS.xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';
var keyId = 'xxxxxx-xxxx-xxxx-xxxxxxxxxxx';
var privateKey = `-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgrW9XiIs4/Kb0q8kl
TmF3oIwSn4NO3xAjs08F0lJ/5UOhRANCAAQykdP4c0ozvOOHHSNkMfLNCWRstXTG
TQf9MWjqB9PbeKyHnxuU82FisUjnVD9zO+QDAK0tnP/qzWf8zxoD0vVW
-----END PRIVATE KEY-----`;
  
var oHeader = {
  "alg": "ES256",
  "kid": keyId
}
  
var oPayload = {
  "iss": teamId,
  "iat": tNow,
  "exp": tEnd,
  "aud": "https://appleid.apple.com",
  "sub": "clientId"
}
   
var sHeader = JSON.stringify(oHeader);
var sPayload = JSON.stringify(oPayload);
  
var sKey = KEYUTIL.getKey(privateKey);  
//var sKey = KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(privateKey); // works also
var sResult = KJUR.jws.JWS.sign('ES256', sHeader, sPayload, sKey);

document.getElementById("jwt").innerHTML = sResult;

<script src="https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/10.4.0/jsrsasign-all-min.js"></script>
<p style="font-family:'Courier New', monospace;" id="jwt"></p>

If the key is imported as JWK, the x and y coordinates of the raw public key must be specified in addition to the raw private key d. These values are most easily determined using an ASN.1 parser such as https://lapo.it/asn1js/. Furthermore, the key type (kty) must be specified and the keyword for the curve identifier is crv:

var tNow = KJUR.jws.IntDate.get('now');
var tEnd = KJUR.jws.IntDate.get('now + 1day');
var teamId = 'SEARCHADS.xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';
var keyId = 'xxxxxx-xxxx-xxxx-xxxxxxxxxxx';
var privateKey = `rW9XiIs4_Kb0q8klTmF3oIwSn4NO3xAjs08F0lJ_5UM`;
var publicKeyX = `MpHT-HNKM7zjhx0jZDHyzQlkbLV0xk0H_TFo6gfT23g`;
var publicKeyY = `rIefG5TzYWKxSOdUP3M75AMArS2c_-rNZ_zPGgPS9VY`;
  
var oHeader = {
  "alg": "ES256",
  "kid": keyId
}
  
var oPayload = {
  "iss": teamId,
  "iat": tNow,
  "exp": tEnd,
  "aud": "https://appleid.apple.com",
  "sub": "clientId"
}
   
var sHeader = JSON.stringify(oHeader);
var sPayload = JSON.stringify(oPayload);
  
var sKey = KEYUTIL.getKey({kty: "EC", d: privateKey, x: publicKeyX, y: publicKeyY, crv: 'prime256v1'});  
var sResult = KJUR.jws.JWS.sign('ES256', sHeader, sPayload, sKey);

document.getElementById("jwt").innerHTML = sResult;

<script src="https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/10.4.0/jsrsasign-all-min.js"></script>
<p style="font-family:'Courier New', monospace;" id="jwt"></p>

The JWTs generated by these codes can be successfully verified on https://jwt.io/ using the public key above.

Source https://stackoverflow.com/questions/71307444

QUESTION

Is it possible to get ISO9796-2 signature with Trailer = 'BC' in Javacard?

Asked 2022-Feb-24 at 10:46

I trying to get the RSA signature as described in Annex A2.1 of EMV book 2. As I understand it was described in ISO9796-2 as scheme 1, option 1. So, the resulting signature should contain a Header equal to '6A' and a Trailer equal to 'BC'.

The algorithms ALG_RSA_SHA_ISO9796 and ALG_RSA_SHA_ISO9796_MR are the only suitable that I could find. But they acting like scheme 1, option 2 with a Trailer equal to '33cc'

Is it possible to get a signature with Trailer = 'BC'?

Javacard example code:

byte[] icc_modulus         = new byte[] {(byte) 0xc4, (byte) 0x02, (byte) 0xed, (byte) 0xf3, (byte) 0x16, (byte) 0x8d, (byte) 0x49, (byte) 0xe4, (byte) 0x14, (byte) 0x96, (byte) 0xf1, (byte) 0xda, (byte) 0x28, (byte) 0x46, (byte) 0xb5, (byte) 0xa1, (byte) 0x7f, (byte) 0x98, (byte) 0xf3, (byte) 0x4d, (byte) 0x6e, (byte) 0x97, (byte) 0xc9, (byte) 0x75, (byte) 0xfc, (byte) 0xdd, (byte) 0xec, (byte) 0xc2, (byte) 0x17, (byte) 0x59, (byte) 0xfa, (byte) 0xe8, (byte) 0x6d, (byte) 0xcc, (byte) 0x14, (byte) 0x95, (byte) 0x37, (byte) 0xc4, (byte) 0x0a, (byte) 0x15, (byte) 0xf3, (byte) 0x84, (byte) 0xaf, (byte) 0x5d, (byte) 0xe7, (byte) 0x6c, (byte) 0x24, (byte) 0x21, (byte) 0xce, (byte) 0x38, (byte) 0x60, (byte) 0x14, (byte) 0xa6, (byte) 0xf4, (byte) 0x2e, (byte) 0x0b, (byte) 0x01, (byte) 0x05, (byte) 0x69, (byte) 0xfc, (byte) 0xa1, (byte) 0xe4, (byte) 0xde, (byte) 0xc8, (byte) 0x86, (byte) 0xe4, (byte) 0x4a, (byte) 0xcb, (byte) 0xd2, (byte) 0x35, (byte) 0xa7, (byte) 0xcf, (byte) 0x57, (byte) 0x71, (byte) 0x66, (byte) 0xae, (byte) 0xb2, (byte) 0xcf, (byte) 0x33, (byte) 0x16, (byte) 0x9a, (byte) 0x57, (byte) 0xd1, (byte) 0xba, (byte) 0x92, (byte) 0x2e, (byte) 0x41, (byte) 0x21, (byte) 0x2a, (byte) 0x78, (byte) 0x49, (byte) 0xec, (byte) 0x3f, (byte) 0x8f, (byte) 0x82, (byte) 0x4c, (byte) 0x50, (byte) 0x7d, (byte) 0x5c, (byte) 0x8c, (byte) 0xed, (byte) 0x1f, (byte) 0x3d, (byte) 0x1b, (byte) 0x54, (byte) 0x11, (byte) 0x38, (byte) 0xd2, (byte) 0xfc, (byte) 0xc4, (byte) 0xeb, (byte) 0x74, (byte) 0x6c, (byte) 0x08, (byte) 0x8b, (byte) 0x50, (byte) 0x09, (byte) 0xa3, (byte) 0xe3, (byte) 0xf5, (byte) 0x79, (byte) 0xa8, (byte) 0x65, (byte) 0xba, (byte) 0xaa, (byte) 0x32, (byte) 0x4f, (byte) 0x39};
byte[] icc_publicExponent  = new byte[] {(byte) 0x00, (byte) 0x00, (byte) 0x03};
byte[] icc_privateExponent = new byte[] {(byte) 0x82, (byte) 0xac, (byte) 0x9e, (byte) 0xa2, (byte) 0x0f, (byte) 0x08, (byte) 0xdb, (byte) 0xed, (byte) 0x63, (byte) 0x0f, (byte) 0x4b, (byte) 0xe6, (byte) 0xc5, (byte) 0x84, (byte) 0x79, (byte) 0x16, (byte) 0x55, (byte) 0x10, (byte) 0xa2, (byte) 0x33, (byte) 0x9f, (byte) 0x0f, (byte) 0xdb, (byte) 0xa3, (byte) 0xfd, (byte) 0xe9, (byte) 0x48, (byte) 0x81, (byte) 0x64, (byte) 0xe6, (byte) 0xa7, (byte) 0x45, (byte) 0x9e, (byte) 0x88, (byte) 0x0d, (byte) 0xb8, (byte) 0xcf, (byte) 0xd8, (byte) 0x06, (byte) 0xb9, (byte) 0x4d, (byte) 0x03, (byte) 0x1f, (byte) 0x93, (byte) 0xef, (byte) 0x9d, (byte) 0x6d, (byte) 0x6b, (byte) 0xde, (byte) 0xd0, (byte) 0x40, (byte) 0x0d, (byte) 0xc4, (byte) 0xa2, (byte) 0xc9, (byte) 0x5c, (byte) 0xab, (byte) 0x58, (byte) 0xf1, (byte) 0x53, (byte) 0x16, (byte) 0x98, (byte) 0x94, (byte) 0x84, (byte) 0x82, (byte) 0xad, (byte) 0x2d, (byte) 0x86, (byte) 0x52, (byte) 0xc1, (byte) 0x01, (byte) 0xd0, (byte) 0xa0, (byte) 0x0f, (byte) 0xa8, (byte) 0x7b, (byte) 0x74, (byte) 0xff, (byte) 0x8c, (byte) 0xa2, (byte) 0x43, (byte) 0x8a, (byte) 0x01, (byte) 0xdb, (byte) 0x9e, (byte) 0x11, (byte) 0xd4, (byte) 0xc5, (byte) 0x6d, (byte) 0xff, (byte) 0xaa, (byte) 0xcd, (byte) 0x1e, (byte) 0x2e, (byte) 0x07, (byte) 0x9c, (byte) 0x39, (byte) 0xb3, (byte) 0x5b, (byte) 0xba, (byte) 0xa9, (byte) 0xab, (byte) 0xf1, (byte) 0xac, (byte) 0x63, (byte) 0xae, (byte) 0x9e, (byte) 0x18, (byte) 0x27, (byte) 0x15, (byte) 0xc4, (byte) 0x19, (byte) 0x06, (byte) 0x75, (byte) 0xa1, (byte) 0x29, (byte) 0x31, (byte) 0x20, (byte) 0xf3, (byte) 0x26, (byte) 0xfb, (byte) 0x5a, (byte) 0xf2, (byte) 0xfe, (byte) 0xce, (byte) 0x27, (byte) 0x41, (byte) 0x8b};
byte[] icc_prime1          = new byte[] {(byte) 0xfa, (byte) 0xce, (byte) 0xcb, (byte) 0x6a, (byte) 0xaa, (byte) 0x82, (byte) 0x83, (byte) 0x4e, (byte) 0x75, (byte) 0x7b, (byte) 0x79, (byte) 0x1d, (byte) 0x89, (byte) 0xc3, (byte) 0x54, (byte) 0xe3, (byte) 0x50, (byte) 0x4f, (byte) 0x8b, (byte) 0x69, (byte) 0x09, (byte) 0xbf, (byte) 0xfd, (byte) 0x20, (byte) 0xd0, (byte) 0x3d, (byte) 0xaf, (byte) 0x0e, (byte) 0x0e, (byte) 0xd9, (byte) 0x7a, (byte) 0x2c, (byte) 0x86, (byte) 0x94, (byte) 0x86, (byte) 0x7d, (byte) 0x5b, (byte) 0x21, (byte) 0x71, (byte) 0x71, (byte) 0xf4, (byte) 0x4e, (byte) 0x87, (byte) 0x23, (byte) 0x25, (byte) 0x81, (byte) 0x84, (byte) 0x13, (byte) 0xe6, (byte) 0xf4, (byte) 0x55, (byte) 0x75, (byte) 0x9d, (byte) 0x22, (byte) 0x6a, (byte) 0x5b, (byte) 0x40, (byte) 0xba, (byte) 0x81, (byte) 0x92, (byte) 0x99, (byte) 0x07, (byte) 0xea, (byte) 0x5d};
byte[] icc_prime2          = new byte[] {(byte) 0xc8, (byte) 0x11, (byte) 0xbb, (byte) 0x17, (byte) 0xab, (byte) 0x91, (byte) 0xa1, (byte) 0xc7, (byte) 0xf1, (byte) 0xde, (byte) 0x70, (byte) 0xd7, (byte) 0xf9, (byte) 0x8c, (byte) 0x8b, (byte) 0x3f, (byte) 0xe4, (byte) 0xb9, (byte) 0x43, (byte) 0x88, (byte) 0x1b, (byte) 0x53, (byte) 0x84, (byte) 0xd8, (byte) 0x35, (byte) 0x3b, (byte) 0x1a, (byte) 0xaa, (byte) 0x83, (byte) 0x70, (byte) 0xfc, (byte) 0xb5, (byte) 0x73, (byte) 0x5b, (byte) 0xcc, (byte) 0x77, (byte) 0x93, (byte) 0x7b, (byte) 0xe1, (byte) 0x26, (byte) 0xca, (byte) 0x3c, (byte) 0xc4, (byte) 0x8b, (byte) 0x9c, (byte) 0xa2, (byte) 0xc1, (byte) 0x3a, (byte) 0xfb, (byte) 0x63, (byte) 0xc4, (byte) 0x1c, (byte) 0xa2, (byte) 0xd0, (byte) 0x0c, (byte) 0xdf, (byte) 0xbf, (byte) 0xe5, (byte) 0x77, (byte) 0xa9, (byte) 0xdb, (byte) 0xef, (byte) 0x82, (byte) 0x8d};
byte[] icc_exponent1       = new byte[] {(byte) 0xa7, (byte) 0x34, (byte) 0x87, (byte) 0x9c, (byte) 0x71, (byte) 0xac, (byte) 0x57, (byte) 0x89, (byte) 0xa3, (byte) 0xa7, (byte) 0xa6, (byte) 0x13, (byte) 0xb1, (byte) 0x2c, (byte) 0xe3, (byte) 0x42, (byte) 0x35, (byte) 0x8a, (byte) 0x5c, (byte) 0xf0, (byte) 0xb1, (byte) 0x2a, (byte) 0xa8, (byte) 0xc0, (byte) 0x8a, (byte) 0xd3, (byte) 0xca, (byte) 0x09, (byte) 0x5f, (byte) 0x3b, (byte) 0xa6, (byte) 0xc8, (byte) 0x59, (byte) 0xb8, (byte) 0x59, (byte) 0xa8, (byte) 0xe7, (byte) 0x6b, (byte) 0xa0, (byte) 0xf6, (byte) 0xa2, (byte) 0xdf, (byte) 0x04, (byte) 0xc2, (byte) 0x19, (byte) 0x01, (byte) 0x02, (byte) 0xb7, (byte) 0xef, (byte) 0x4d, (byte) 0x8e, (byte) 0x4e, (byte) 0x68, (byte) 0xc1, (byte) 0x9c, (byte) 0x3c, (byte) 0xd5, (byte) 0xd1, (byte) 0xab, (byte) 0xb7, (byte) 0x10, (byte) 0xaf, (byte) 0xf1, (byte) 0x93};
byte[] icc_exponent2       = new byte[] {(byte) 0x85, (byte) 0x61, (byte) 0x27, (byte) 0x65, (byte) 0x1d, (byte) 0x0b, (byte) 0xc1, (byte) 0x2f, (byte) 0xf6, (byte) 0x94, (byte) 0x4b, (byte) 0x3a, (byte) 0xa6, (byte) 0x5d, (byte) 0xb2, (byte) 0x2a, (byte) 0x98, (byte) 0x7b, (byte) 0x82, (byte) 0x5a, (byte) 0xbc, (byte) 0xe2, (byte) 0x58, (byte) 0x90, (byte) 0x23, (byte) 0x7c, (byte) 0xbc, (byte) 0x71, (byte) 0xac, (byte) 0xf5, (byte) 0xfd, (byte) 0xce, (byte) 0x4c, (byte) 0xe7, (byte) 0xdd, (byte) 0xa5, (byte) 0x0c, (byte) 0xfd, (byte) 0x40, (byte) 0xc4, (byte) 0x86, (byte) 0xd3, (byte) 0x2d, (byte) 0xb2, (byte) 0x68, (byte) 0x6c, (byte) 0x80, (byte) 0xd1, (byte) 0xfc, (byte) 0xed, (byte) 0x2d, (byte) 0x68, (byte) 0x6c, (byte) 0x8a, (byte) 0xb3, (byte) 0x3f, (byte) 0xd5, (byte) 0x43, (byte) 0xa5, (byte) 0x1b, (byte) 0xe7, (byte) 0xf5, (byte) 0x01, (byte) 0xb3};
byte[] icc_coefficient     = new byte[] {(byte) 0x85, (byte) 0x8d, (byte) 0x98, (byte) 0xdd, (byte) 0xf3, (byte) 0xec, (byte) 0xb5, (byte) 0xba, (byte) 0xd9, (byte) 0xce, (byte) 0x00, (byte) 0x5c, (byte) 0x31, (byte) 0x6c, (byte) 0x96, (byte) 0x16, (byte) 0xf8, (byte) 0x74, (byte) 0x47, (byte) 0x79, (byte) 0x10, (byte) 0x11, (byte) 0x3c, (byte) 0xab, (byte) 0x40, (byte) 0xfc, (byte) 0xca, (byte) 0xcc, (byte) 0x8c, (byte) 0x67, (byte) 0x5d, (byte) 0x90, (byte) 0xa1, (byte) 0xda, (byte) 0x0c, (byte) 0xb6, (byte) 0xdb, (byte) 0x11, (byte) 0x32, (byte) 0x14, (byte) 0x8d, (byte) 0x24, (byte) 0x99, (byte) 0xae, (byte) 0xfd, (byte) 0x63, (byte) 0xb8, (byte) 0x82, (byte) 0x72, (byte) 0x81, (byte) 0x2f, (byte) 0x31, (byte) 0x92, (byte) 0x47, (byte) 0xbe, (byte) 0x46, (byte) 0xde, (byte) 0x9b, (byte) 0x97, (byte) 0xb2, (byte) 0x4e, (byte) 0x40, (byte) 0x41, (byte) 0x8e};

RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, KeyBuilder.LENGTH_RSA_1024, false);
crtKey.clearKey();
crtKey.setP(icc_prime1, (short) 0, (short)icc_prime1.length);
crtKey.setQ(icc_prime2, (short) 0, (short)icc_prime2.length);
crtKey.setDP1(icc_exponent1, (short) 0, (short)icc_exponent1.length);
crtKey.setDQ1(icc_exponent2, (short) 0, (short)icc_exponent2.length);
crtKey.setPQ(icc_coefficient, (short) 0, (short)icc_coefficient.length);

short N = (short)icc_modulus.length;

byte[] in = JCSystem.makeTransientByteArray((short)(N-22), JCSystem.CLEAR_ON_DESELECT);
byte[] out = JCSystem.makeTransientByteArray(N, JCSystem.CLEAR_ON_DESELECT);
Util.arrayFillNonAtomic(in, (short) 0, (short) (N-22), (byte)0xBB);
in[0] = (byte)0xA1;
in[1] = (byte)0xA2;
in[2] = (byte)0xA3;


Signature sig = Signature.getInstance(Signature.ALG_RSA_SHA_ISO9796, false);
sig.init(crtKey, Signature.MODE_SIGN);
short sigLen = sig.sign(in, (short)0, (short)(N-22), out, (short) 0);

To verify signature I use OpenSSL:

openssl rsautl -verify -raw -inkey icc_key.pem -in sig_file.bin

message = a1a2a3bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
signature = 6aa1a2a3bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb8313b42003699d54fbe069fa294a596d6f47864333cc
header = 6A
trailer = 33CC <- I need a trailer to be equal to 'BC'

ANSWER

Answered 2022-Feb-24 at 10:46

You can generate such signature using Cipher.ALG_RSA_NOPAD in decrypt mode.

Pseudocode:

RSAPrivateCrtKey privateKey = ...;
Cipher cipher = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false);
cipher.init(privateKey, Cipher.MODE_DECRYPT);

// Make signature (X being size of modulus in bytes)
byte[] inputBuffer,outputBuffer = ...;
inputBuffer[0]=(byte)0x6A;
inputBuffer[1..X-2]=...rest of your data;
inputBuffer[X-1]=(byte)0xBC;
cipher.doFinal(inputBuffer, (short)0, X, inputBuffer, outputBuffer, outputOffset);

Good luck with your project!

Source https://stackoverflow.com/questions/71243483

QUESTION

How to transfer custom SPL token by '@solana/web3.js' and '@solana/sol-wallet-adapter'

Asked 2022-Jan-29 at 21:02

Hello I am trying to transfer a custom SPL token with the solana-wallet adapter. However i am having trouble getting the wallet's secret key/signing the transaction.

I've looked at these answers for writing the transfer code but i need to get the Singer and i have trouble figuring out how with solana-wallet adapter. These examples hardcode the secret key and since i'm using a wallet extension this is not possible.

How can you transfer SOL using the web3.js sdk for Solana?

How to transfer custom token by '@solana/web3.js'

according to this issue on the webadapter repo https://github.com/solana-labs/wallet-adapter/issues/120 you need to:

Create a @solana/web3.js Transaction object and add instructions to it
Sign the transaction with the wallet
Send the transaction over a Connection

But i am having difficulty finding examples or documentation as to how to do step 1 and 2.

const SendTransaction: React.FC<Props> = ({ children }) => {
    const { connection } = useConnection()
    const { publicKey, sendTransaction } = useWallet()

    const onSendSPLTransaction = useCallback(
        async (toPubkey: string, amount: number) => {
            if (!toPubkey || !amount) return
            const toastId = toast.loading('Processing transaction...')

            try {
                if (!publicKey) throw new WalletNotConnectedError()
                const toPublicKey = new PublicKey(toPubkey)
                const mint = new PublicKey('Mint address')
                const payer = '????' // how to get this Signer
                const token = new Token(connection, mint, TOKEN_PROGRAM_ID, payer)
                const fromTokenAccount = await token.getOrCreateAssociatedAccountInfo(publicKey)
                const toTokenAccount = await token.getOrCreateAssociatedAccountInfo(toPublicKey)

                const transaction = new Transaction().add(
                    Token.createTransferInstruction(
                        TOKEN_PROGRAM_ID,
                        fromTokenAccount.address,
                        toTokenAccount.address,
                        publicKey,
                        [],
                        0
                    )
                )

                const signature = await sendTransaction(transaction, connection)

                const response = await connection.confirmTransaction(signature, 'processed')
                console.log('response', response)
                toast.success('Transaction sent', {
                    id: toastId,
                })
            } catch (error) {
                toast.error(`Transaction failed: ${error.message}`, {
                    id: toastId,
                })
            }
        },
        [publicKey, sendTransaction, connection]
    )

    return <>{children(onSendSPLTransaction)}</>
}

Update

I posted the question on the github repo of sol-wallet-adapter and got this response: https://github.com/solana-labs/wallet-adapter/issues/189

ANSWER

Answered 2021-Dec-06 at 13:51

So i found a way to do this, it requires some cleanup and error handling but allows for a custom token transaction via @solana/wallet-adapter.

// sendTransaction.tsx
import { WalletNotConnectedError } from '@solana/wallet-adapter-base'
import { useConnection, useWallet } from '@solana/wallet-adapter-react'
import { Transaction, PublicKey, LAMPORTS_PER_SOL } from '@solana/web3.js'
import React, { useCallback } from 'react'
import { toast } from 'react-hot-toast'
import { TOKEN_PROGRAM_ID } from '@solana/spl-token'
import { getOrCreateAssociatedTokenAccount } from './getOrCreateAssociatedTokenAccount'
import { createTransferInstruction } from './createTransferInstructions'

interface Props {
    children: (sendTransaction: OnSendTransaction) => React.ReactNode
}

type OnSendTransaction = (toPublicKey: string, amount: number) => void

// Docs: https://github.com/solana-labs/solana-program-library/pull/2539/files
// https://github.com/solana-labs/wallet-adapter/issues/189
// repo: https://github.com/solana-labs/example-token/blob/v1.1/src/client/token.js
// creating a token for testing: https://learn.figment.io/tutorials/sol-mint-token
const SendTransaction: React.FC<Props> = ({ children }) => {
    const { connection } = useConnection()
    const { publicKey, signTransaction, sendTransaction } = useWallet()

    const onSendSPLTransaction = useCallback(
        async (toPubkey: string, amount: number) => {
            if (!toPubkey || !amount) return
            const toastId = toast.loading('Processing transaction...')

            try {
                if (!publicKey || !signTransaction) throw new WalletNotConnectedError()
                const toPublicKey = new PublicKey(toPubkey)
                const mint = new PublicKey('MINT ADDRESS')

                const fromTokenAccount = await getOrCreateAssociatedTokenAccount(
                    connection,
                    publicKey,
                    mint,
                    publicKey,
                    signTransaction
                )

                const toTokenAccount = await getOrCreateAssociatedTokenAccount(
                    connection,
                    publicKey,
                    mint,
                    toPublicKey,
                    signTransaction
                )

                const transaction = new Transaction().add(
                    createTransferInstruction(
                        fromTokenAccount.address, // source
                        toTokenAccount.address, // dest
                        publicKey,
                        amount * LAMPORTS_PER_SOL,
                        [],
                        TOKEN_PROGRAM_ID
                    )
                )

                const blockHash = await connection.getRecentBlockhash()
                transaction.feePayer = await publicKey
                transaction.recentBlockhash = await blockHash.blockhash
                const signed = await signTransaction(transaction)

                await connection.sendRawTransaction(signed.serialize())

                toast.success('Transaction sent', {
                    id: toastId,
                })
                // eslint-disable-next-line @typescript-eslint/no-explicit-any
            } catch (error: any) {
                toast.error(`Transaction failed: ${error.message}`, {
                    id: toastId,
                })
            }
        },
        [publicKey, sendTransaction, connection]
    )

    return <>{children(onSendSPLTransaction)}</>
}

export default SendTransaction

// getOrCreateAssociatedTokenAccount.ts
import { TOKEN_PROGRAM_ID, ASSOCIATED_TOKEN_PROGRAM_ID } from '@solana/spl-token'
import { SignerWalletAdapterProps } from '@solana/wallet-adapter-base'
import { Connection, PublicKey, Commitment, Transaction } from '@solana/web3.js'
import { createAssociatedTokenAccountInstruction } from './createAssociatedTokenAccountInstruction'
import { getAccountInfo } from './getAccountInfo'
import { getAssociatedTokenAddress } from './getAssociatedTokerAddress'

export async function getOrCreateAssociatedTokenAccount(
    connection: Connection,
    payer: PublicKey,
    mint: PublicKey,
    owner: PublicKey,
    signTransaction: SignerWalletAdapterProps['signTransaction'],
    allowOwnerOffCurve = false,
    commitment?: Commitment,
    programId = TOKEN_PROGRAM_ID,
    associatedTokenProgramId = ASSOCIATED_TOKEN_PROGRAM_ID
) {
    const associatedToken = await getAssociatedTokenAddress(
        mint,
        owner,
        allowOwnerOffCurve,
        programId,
        associatedTokenProgramId
    )

    // This is the optimal logic, considering TX fee, client-side computation, RPC roundtrips and guaranteed idempotent.
    // Sadly we can't do this atomically.
    let account
    try {
        account = await getAccountInfo(connection, associatedToken, commitment, programId)
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
    } catch (error: any) {
        // TokenAccountNotFoundError can be possible if the associated address has already received some lamports,
        // becoming a system account. Assuming program derived addressing is safe, this is the only case for the
        // TokenInvalidAccountOwnerError in this code path.
        if (error.message === 'TokenAccountNotFoundError' || error.message === 'TokenInvalidAccountOwnerError') {
            // As this isn't atomic, it's possible others can create associated accounts meanwhile.
            try {
                const transaction = new Transaction().add(
                    createAssociatedTokenAccountInstruction(
                        payer,
                        associatedToken,
                        owner,
                        mint,
                        programId,
                        associatedTokenProgramId
                    )
                )

                const blockHash = await connection.getRecentBlockhash()
                transaction.feePayer = await payer
                transaction.recentBlockhash = await blockHash.blockhash
                const signed = await signTransaction(transaction)

                const signature = await connection.sendRawTransaction(signed.serialize())

                await connection.confirmTransaction(signature)
            } catch (error: unknown) {
                // Ignore all errors; for now there is no API-compatible way to selectively ignore the expected
                // instruction error if the associated account exists already.
            }

            // Now this should always succeed
            account = await getAccountInfo(connection, associatedToken, commitment, programId)
        } else {
            throw error
        }
    }

    if (!account.mint.equals(mint.toBuffer())) throw Error('TokenInvalidMintError')
    if (!account.owner.equals(owner.toBuffer())) throw new Error('TokenInvalidOwnerError')

    return account
}

// createAssociatedTokenAccountInstruction.ts
import { TOKEN_PROGRAM_ID, ASSOCIATED_TOKEN_PROGRAM_ID } from '@solana/spl-token'
import { PublicKey, TransactionInstruction, SystemProgram, SYSVAR_RENT_PUBKEY } from '@solana/web3.js'

export function createAssociatedTokenAccountInstruction(
    payer: PublicKey,
    associatedToken: PublicKey,
    owner: PublicKey,
    mint: PublicKey,
    programId = TOKEN_PROGRAM_ID,
    associatedTokenProgramId = ASSOCIATED_TOKEN_PROGRAM_ID
): TransactionInstruction {
    const keys = [
        { pubkey: payer, isSigner: true, isWritable: true },
        { pubkey: associatedToken, isSigner: false, isWritable: true },
        { pubkey: owner, isSigner: false, isWritable: false },
        { pubkey: mint, isSigner: false, isWritable: false },
        { pubkey: SystemProgram.programId, isSigner: false, isWritable: false },
        { pubkey: programId, isSigner: false, isWritable: false },
        { pubkey: SYSVAR_RENT_PUBKEY, isSigner: false, isWritable: false },
    ]

    return new TransactionInstruction({
        keys,
        programId: associatedTokenProgramId,
        data: Buffer.alloc(0),
    })
}

// createTransferInstructions.ts
import { TOKEN_PROGRAM_ID } from '@solana/spl-token'
import { AccountMeta, PublicKey, Signer, TransactionInstruction } from '@solana/web3.js'
import BufferLayout from 'buffer-layout'
import BN from 'bn.js'

export enum TokenInstruction {
    InitializeMint = 0,
    InitializeAccount = 1,
    InitializeMultisig = 2,
    Transfer = 3,
    Approve = 4,
    Revoke = 5,
    SetAuthority = 6,
    MintTo = 7,
    Burn = 8,
    CloseAccount = 9,
    FreezeAccount = 10,
    ThawAccount = 11,
    TransferChecked = 12,
    ApproveChecked = 13,
    MintToChecked = 14,
    BurnChecked = 15,
    InitializeAccount2 = 16,
    SyncNative = 17,
    InitializeAccount3 = 18,
    InitializeMultisig2 = 19,
    InitializeMint2 = 20,
}

/**
 * Construct a Transfer instruction
 *
 * @param source       Source account
 * @param destination  Destination account
 * @param owner        Owner of the source account
 * @param amount       Number of tokens to transfer
 * @param multiSigners Signing accounts if `owner` is a multisig
 * @param programId    SPL Token program account
 *
 * @return Instruction to add to a transaction
 */
export function createTransferInstruction(
    source: PublicKey,
    destination: PublicKey,
    owner: PublicKey,
    amount: number,
    multiSigners: Signer[] = [],
    programId = TOKEN_PROGRAM_ID
): TransactionInstruction {
    const dataLayout = BufferLayout.struct([BufferLayout.u8('instruction'), BufferLayout.blob(8, 'amount')])

    const keys = addSigners(
        [
            { pubkey: source, isSigner: false, isWritable: true },
            { pubkey: destination, isSigner: false, isWritable: true },
        ],
        owner,
        multiSigners
    )

    const data = Buffer.alloc(dataLayout.span)
    dataLayout.encode(
        {
            instruction: TokenInstruction.Transfer,
            amount: new TokenAmount(amount).toBuffer(),
        },
        data
    )

    return new TransactionInstruction({ keys, programId, data })
}

export function addSigners(keys: AccountMeta[], ownerOrAuthority: PublicKey, multiSigners: Signer[]): AccountMeta[] {
    if (multiSigners.length) {
        keys.push({ pubkey: ownerOrAuthority, isSigner: false, isWritable: false })
        for (const signer of multiSigners) {
            keys.push({ pubkey: signer.publicKey, isSigner: true, isWritable: false })
        }
    } else {
        keys.push({ pubkey: ownerOrAuthority, isSigner: true, isWritable: false })
    }
    return keys
}

class TokenAmount extends BN {
    /**
     * Convert to Buffer representation
     */
    toBuffer(): Buffer {
        const a = super.toArray().reverse()
        const b = Buffer.from(a)
        if (b.length === 8) {
            return b
        }

        if (b.length >= 8) {
            throw new Error('TokenAmount too large')
        }

        const zeroPad = Buffer.alloc(8)
        b.copy(zeroPad)
        return zeroPad
    }

    /**
     * Construct a TokenAmount from Buffer representation
     */
    static fromBuffer(buffer: Buffer): TokenAmount {
        if (buffer.length !== 8) {
            throw new Error(`Invalid buffer length: ${buffer.length}`)
        }

        return new BN(
            [...buffer]
                .reverse()
                .map((i) => `00${i.toString(16)}`.slice(-2))
                .join(''),
            16
        )
    }
}

// getAccountInfo.ts
import { TOKEN_PROGRAM_ID, AccountLayout } from '@solana/spl-token'
import { Connection, PublicKey, Commitment } from '@solana/web3.js'

export enum AccountState {
    Uninitialized = 0,
    Initialized = 1,
    Frozen = 2,
}

export async function getAccountInfo(
    connection: Connection,
    address: PublicKey,
    commitment?: Commitment,
    programId = TOKEN_PROGRAM_ID
) {
    const info = await connection.getAccountInfo(address, commitment)
    if (!info) throw new Error('TokenAccountNotFoundError')
    if (!info.owner.equals(programId)) throw new Error('TokenInvalidAccountOwnerError')
    if (info.data.length != AccountLayout.span) throw new Error('TokenInvalidAccountSizeError')

    const rawAccount = AccountLayout.decode(Buffer.from(info.data))

    return {
        address,
        mint: rawAccount.mint,
        owner: rawAccount.owner,
        amount: rawAccount.amount,
        delegate: rawAccount.delegateOption ? rawAccount.delegate : null,
        delegatedAmount: rawAccount.delegatedAmount,
        isInitialized: rawAccount.state !== AccountState.Uninitialized,
        isFrozen: rawAccount.state === AccountState.Frozen,
        isNative: !!rawAccount.isNativeOption,
        rentExemptReserve: rawAccount.isNativeOption ? rawAccount.isNative : null,
        closeAuthority: rawAccount.closeAuthorityOption ? rawAccount.closeAuthority : null,
    }
}

// getAssociatedTokerAddress.ts
import { TOKEN_PROGRAM_ID, ASSOCIATED_TOKEN_PROGRAM_ID } from '@solana/spl-token'
import { PublicKey } from '@solana/web3.js'

export async function getAssociatedTokenAddress(
    mint: PublicKey,
    owner: PublicKey,
    allowOwnerOffCurve = false,
    programId = TOKEN_PROGRAM_ID,
    associatedTokenProgramId = ASSOCIATED_TOKEN_PROGRAM_ID
): Promise<PublicKey> {
    if (!allowOwnerOffCurve && !PublicKey.isOnCurve(owner.toBuffer())) throw new Error('TokenOwnerOffCurveError')

    const [address] = await PublicKey.findProgramAddress(
        [owner.toBuffer(), programId.toBuffer(), mint.toBuffer()],
        associatedTokenProgramId
    )

    return address
}

Hope this helps others. If any one has any remarks pointers please comment.

Source https://stackoverflow.com/questions/70224185

QUESTION

Why are signatures created with ecdsa Python library not valid with coincurve?

Asked 2021-Dec-25 at 14:41

I'm switching from the pure Python ecdsa library to the much faster coincurve library for signing data. I would also like to switch to coincurve for verifying the signatures (including the old signatures created by the ecdsa library).

It appears that signatures created with ecdsa are not (always?) valid in coincurve. Could someone please explain why this is not working? Also, it seems that cryptography library is able to validate both ecdsa signatures and coincurve signatures without issues, consistently.

What is even more confusing, if you run below script a few times, is that sometimes it prints point 3 and other times it does not. Why would coincurve only occasionally find the signature valid?

pip install ecdsa cryptography coincurve

import ecdsa
import hashlib
import coincurve
from coincurve.ecdsa import deserialize_compact, cdata_to_der
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import Prehashed

ecdsa_private_key = ecdsa.SigningKey.generate(ecdsa.SECP256k1, None, hashlib.sha256)
ecdsa_pub = ecdsa_private_key.get_verifying_key()
message = b"Hello world!"
digest = hashlib.sha256(message).digest()
serialized_signature = ecdsa_private_key.sign_digest_deterministic(digest, hashfunc=hashlib.sha256)

signature = cdata_to_der(deserialize_compact(serialized_signature))
cc_private_key = coincurve.PrivateKey(ecdsa_private_key.to_string())
cc_pub = cc_private_key.public_key
crypto_pub = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256K1(), cc_pub.format(True))

if ecdsa_pub.verify_digest(serialized_signature, digest) is True:
    print("1. ecdsa can validate its own signature")

crypto_pub.verify(signature, digest, ec.ECDSA(Prehashed(hashes.SHA256())))
print("2. cryptography can validate ecdsa signature (raises exception if not valid)")

if cc_pub.verify(signature, digest, None) is False:
    print("3. coincurve will not validate ecdsa signature")

signature = cc_private_key.sign(digest, None)

crypto_pub.verify(signature, digest, ec.ECDSA(Prehashed(hashes.SHA256())))
print("4. cryptography can validate coincurve signature (raises exception if not valid)")

if cc_pub.verify(signature, digest, None) is True:
    print("5. coincurve will validate its own signature")

ANSWER

Answered 2021-Dec-25 at 14:41

Bitcoin and the coincurve library use canonical signatures while this is not true for the ecdsa library.

What does canonical signature mean?
In general, if (r,s) is a valid signature, then (r,s') := (r,-s mod n) is also a valid signature (n is the order of the base point).
A canonical signature uses the value s' = -s mod n = n - s instead of s, i.e. the signature (r, n-s), if s > n/2, s. e.g. here.

All signatures from the ecdsa library that were not been successfully validated by the coincurve library in your test program have an s > n/2 and thus are not canonical, whereas those that were successfully validated are canonical.

So the fix is simply to canonize the signature of the ecdsa library, e.g.:

def canonize(s_bytes):
  n = 115792089237316195423570985008687907852837564279074904382605163141518161494337
  s = int.from_bytes(s_bytes, byteorder='big')
  if s > n//2:
    s = n - s
  return s.to_bytes(32, byteorder='big')

...  
serialized_signature = serialized_signature[:32] + canonize(serialized_signature[32:]) # Fix: canonize
signature = cdata_to_der(deserialize_compact(serialized_signature))
...

With this fix, the coincurve library successfully validates all signatures from the ecdsa library in your test program.

Source https://stackoverflow.com/questions/70477905

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install coldcore

Not super familiar with the commandline? On macOS? Check out the easy setup tutorial here.
Buy a Coldcard
Download, install, and sync Bitcoin Core
Ensure Python 3.7+ is on your system: $ python3 --version and if not, install it. macOS: install homebrew, run brew install python3 Linux
Clone this repo: git clone https://github.com/jamesob/coldcore
Make coldcore executable and run it cd coldcore; chmod +x coldcore; ./coldcore --help
Optionally, install coldcore to your path cp coldcore ~/.local/bin/coldcore # or somewhere on your PATH
Boot 'er up coldcore
Receive my keys in GPG: gpg --keyserver keyserver.ubuntu.com --recv-keys 0x25F27A38A47AD566 You can verify this fingerprint on my Twitter: https://twitter.com/jamesob
Get the sigs for the release: Get the signature curl -O http://img.jameso.be/sigs/coldcore-$(./coldcore --version | cut -d' ' -f2).asc Verify the signature gpg coldcore-[version].asc Ensure it matches sha256sum coldcore
As long as you have Bitcoin Core and a Python 3.7+ installation, you're ready to go. No dealing with package managers, no worrying about dependencies, no setting up an indexing server. This is just stdlib Python that likely shipped with your OS. We let Core and Coldcard do the heavy lifting.

Support

This library will only support air-gapped interaction with hardware wallets that are opensource. Right now, that means that Coldcard is the only key storage mechanism supported, but I'm happy to add others that fit the criteria of.