-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
secp256k1: Bumping into private keys of 31 bytes in length #63
Comments
hmm, I hate this curve... I tend to try to align with: https://tools.ietf.org/html/rfc8812#section-3.1
If you are saying our library is generating private keys that are not 32 bytes its a bug in our library... Our library should throw if you try to import a key that does not match rfc8812.... regardless of jwk, hex or base58 encoding. Are you saying we should be checking array length here? |
Hmm, it looks like we already doing this size check in the loop while generation. I'm bumping into this error for const jws = await signDetached(buffer, privateKeyJwk, {
b64: false,
crit: [ 'b64' ],
alg
}) — with keys that have been generated by the same library. So it looks like something goes wrong here with Should we prepend leading zero here for 31 bytes buffers: https://github.com/transmute-industries/did-key.js/blob/master/packages/secp256k1/src/keyUtils.ts#L177 ? |
@alexkravets thanks, can you provide example JSON / hex? |
nvm :) was able to reproduce:
|
@OR13 yes, here is an example: Seed is generated via: crypto.randomBytes(32).toString('hex') This give a key pair that fails to sign: const keyPair = await KeyPair.generate({
secureRandom: () => Buffer.from('00cc29ad08a78a97a68f0164cece3d82d48f42c089937074a977eba21f4d94c6', 'hex')
}) |
@alexkravets this should be fixed in the latest unstable, but I will try and add your exact test case before closing this issue as resolved. |
K, I’ll test it out tomorrow. Thank you for addressing these issues!
- A
… On 9 Feb 2021, at 00:04, Orie Steele ***@***.***> wrote:
@alexkravets this should be fixed in the latest unstable, but I will try and add your exact test case before closing this issue as resolved.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
@OR13 is looks like we've changed the interface for const payload = await verify(token, publicKeyJwk) Code above doesn't work anymore, as So in order to pull const { header: { kid }, payload: { iss: issuer } } = await decode(token, { complete: true })
// NOTE: use kid and issuer to get publicKeyJwk ...
const isValid = await verify(token, publicKeyJwk)
if (isValid) {
return payload
}
throw new Error('Invalid token') Is this intentional? Doesn't look very convenient for the cases when you have key on hands and need to verify and get payload. Looking at this as a reference for verify method: https://www.npmjs.com/package/jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback |
@alexkravets yes, my interpretation was that you wanted a consistent interface for both Are you saying you want:
It's easy for us to fix. |
K, so in my project I was switching from I'm not sure which implementation should be considered as primary. You've made a change that makes it work as in In general, I think throwing exception is better, cause this way you can throw different reasons of verification failure. Otherwise, if function returns |
@alexkravets I would generally advise against I think for verifyDetached a boolean makes sense, and for consistency with other JWT libraries, maybe IMO, exceptions are less functional, and I would prefer to return a boolean for simple crypto operations... but Would this work for you:
I can make sure its handled like this everywhere. |
Yes, this would work. The reason why I've switched to Btw, there is something going with dependencies, as having |
hmm, probably an issue with peerDependencies... please open a separate issue. |
Created here: #70 |
While testing secp256k1 I'm randomly bumping into an issue with private key size:
Size of the key in my case is 31. Looks to be related to this issue: https://stackoverflow.com/questions/62938091/why-are-secp256k1-privatekeys-not-always-32-bytes-in-nodejs
secp256k1
library throws the exception here: https://github.com/cryptocoinjs/secp256k1-node/blob/master/lib/index.js#L254Seems like solution to this would add 00 to the beginning of the array: https://github.com/transmute-industries/did-key.js/blob/master/packages/secp256k1/src/keyUtils.ts#L175
Or should that be addressed in
secp256k1-node
?The text was updated successfully, but these errors were encountered: