OpenSSL Sign and Verify in C with RAW EC generated Keys

问题

I generate my EC private key as random number and my EC public key as the multiplication of the generator for the random number.

Now I would to use these keys to sign and verify a message, but the operation about the verification fails. Do you have any hint to solve this problem?

I'm using OpenSSL 1.0.0 for some constraints. I cannot switch the new one.

#include <openssl/ec.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <stdio.h>
#include <string.h>

int main()
{
    BN_CTX *ctx;
    EC_GROUP *curve;
    BIGNUM *q = NULL;

    EVP_MD_CTX *hashctx;
    unsigned int ol;
    unsigned char fh[EVP_MAX_MD_SIZE];

    BIGNUM *priv = NULL;
    EC_POINT *G, *pub;

    EC_KEY *keypriv = EC_KEY_new();
    EC_KEY *keypub = EC_KEY_new();

    unsigned char *s1 = "hello";

    // makes all algorithms available to the EVP* routines
    OpenSSL_add_all_algorithms();

    // load the error strings for ERR_error_string
    ERR_load_crypto_strings();
    hashctx = EVP_MD_CTX_new();

    const EVP_MD *hashptr = EVP_get_digestbyname("SHA256");

    EVP_DigestInit_ex(hashctx, hashptr, NULL);
    EVP_DigestUpdate(hashctx, s1, strlen(s1));
    EVP_DigestFinal_ex(hashctx, fh, &ol);

    // seed PRNG
    if (RAND_load_file("/dev/urandom", 256) < 64)
    {
        printf("Can't seed PRNG!\n");
        abort();
    }

    ctx = BN_CTX_new();
    q   = BN_new();

    // read the generator and order of the curve
    curve   = EC_GROUP_new_by_curve_name(NID_secp160r1);
    G       = EC_GROUP_get0_generator(curve);
    EC_GROUP_get_order(curve, q, ctx);

    // precompute multiples of g (faster multiplications)
    EC_GROUP_precompute_mult(curve, ctx);

    EC_KEY_set_group(keypriv, curve);

    pub     = EC_POINT_new(curve);
    priv    = BN_new();
    BN_rand_range(priv, q);
    EC_POINT_mul(curve, pub, NULL, G, priv, ctx);


    EC_KEY_set_private_key(keypriv, priv);
    EC_KEY_set_public_key(keypub, pub);


    ECDSA_SIG *signature = ECDSA_do_sign(fh, 64, keypriv);
    if (NULL == signature)
    {
        printf("Failed to generate EC Signature\n");
    }
    else
    {
        int verify_status = ECDSA_do_verify(fh, 64, signature, keypub);
        const int verify_success = 1;
        if (verify_success != verify_status)
        {
            printf("Failed to verify EC Signature\n");
        }
        else
        {
            printf("Verifed EC Signature\n");
        }
        ECDSA_SIG_free(signature);
    }

    return 0;
}

回答1:

I solved just by setting the EC Group for the public key in my code as:

EC_KEY_set_group(keypub, curve);

By the way, I hope that this Q/A can answer also for the first comment in the accepted answer:

How do you verify with just the public part of the eckey?

Signing a message using ECDSA in OpenSSL

来源：https://stackoverflow.com/questions/62300337/openssl-sign-and-verify-in-c-with-raw-ec-generated-keys