-
Notifications
You must be signed in to change notification settings - Fork 49
Data format examples
The examples for the format of ECC Public Key (referred by Generate Key Pair, Verify signature and ECDH operations) are given below.
- Example for ECC NIST P-256 Public Key [Values are in hex]
// Bit String tag
03
// Length of Bit string tag
42
// Unused bits
00
// Compression format. Supports only 04 [uncompressed]
04
// Public Key (e.g. ECC NIST P-256, 0x40 Bytes)
// Qx - 0x20 Bytes
8B 88 9C 1D D6 07 58 2E D6 F8 2C C2 D9 BE D0 FE
6D F3 24 5E 94 7D 54 CD 20 DC 58 98 CF 51 31 44
// Qy - 0x20 Bytes
22 EA 01 D4 0B 23 B2 45 7C 42 DF 3C FB 0D 33 10
B8 49 B7 AA 0A 85 DE E7 6A F1 AC 31 31 1E 8C 4B
- Example for ECC NIST P-384 Public Key [Values are in hex]
// Bit String tag
03
// Length of Bit string tag
62
// Unused bits
00
// Compression format. Supports only 04 [uncompressed]
04
// Public Key (e.g. ECC NIST P-384, 0x60 Bytes)
// Qx - 0x30 Bytes
1F 94 EB 6F 43 9A 38 06 F8 05 4D D7 91 24 84 7D
13 8D 14 D4 F5 2B AC 93 B0 42 F2 EE 3C DB 7D C9
E0 99 25 C2 A5 FE E7 0D 4C E0 8C 61 E3 B1 91 60
// Qy - 0x30 Bytes
1C 4F D1 11 F6 E3 33 03 06 94 21 DE B3 1E 87 31
26 BE 35 EE B4 36 FE 20 34 85 6A 3E D1 E8 97 F2
6C 84 6E E3 23 3C D1 62 40 98 9A 79 90 C1 9D 8C
The examples for the format of RSA Public Key (referred by Generate Key Pair, Verify signature and Asymmetric Encryption operations) are given below.
- Example for RSA 1024 Exponential Public Key (modulus and public exponent) [Values are in hex]
// Bit string tag
03
// Bit String tag Length
81 8E
// Unused Bits
00
// SEQUENCE
30
// Length
81 8A
// Integer tag (Modulus)
02
// Length of Modulus
81 81
// Modulus
00
A1 D4 6F BA 23 18 F8 DC EF 16 C2 80 94 8B 1C F2
79 66 B9 B4 72 25 ED 29 89 F8 D7 4B 45 BD 36 04
9C 0A AB 5A D0 FF 00 35 53 BA 84 3C 8E 12 78 2F
C5 87 3B B8 9A 3D C8 4B 88 3D 25 66 6C D2 2B F3
AC D5 B6 75 96 9F 8B EB FB CA C9 3F DD 92 7C 74
42 B1 78 B1 0D 1D FF 93 98 E5 23 16 AA E0 AF 74
E5 94 65 0B DC 3C 67 02 41 D4 18 68 45 93 CD A1
A7 B9 DC 4F 20 D2 FD C6 F6 63 44 07 40 03 E2 11
// Integer tag for Public Exponent
02
// Length of Public Exponent
04
// Public Exponent
00 01 00 01
Notes:
- The size of Modulus component is based on the key size chosen. (e.g. in case of RSA 1024, size is 128 bytes and for RSA 2048, size is 256 bytes)
- If the first byte of Modulus is greater than 0x7F (negative integer), then 0x00 gets prepended while coding as it is in Integer format.
The examples for format of ECC Private Key exported as part of Generate Key Pair are given below.
- Example for ECC NIST P-256 Private Key [Values are in hex]
// DER OCTET String Tag (Private Key)
04
// Length of Tag
20
// Private Key
20 DC 58 98 CF 51 31 44 22 EA 01 D4 0B 23 B2 45
7C 42 DF 3C FB 0D 33 10 B8 49 B7 AA 0A 85 DE E7
- Example for ECC NIST P-384 Private Key [Values are in hex]
// DER OCTET String Tag (Private Key)
04
// Length of Tag
30
// Private Key
53 94 F7 97 3E A8 68 C5 2B F3 FF 8D 8C EE B4 DB
90 A6 83 65 3B 12 48 5D 5F 62 7C 3C E5 AB D8 97
8F C9 67 3D 14 A7 1D 92 57 47 93 16 62 49 3C 37
The examples for the format of RSA Private key (Private Exponent) exported as part of optiga_crypt_rsa_generate_keypair
(export private key = True) are given below.
For RSA 1024, the length of the Private exponent is 128 bytes. For RSA 2048, the length of the Private exponent is 256 bytes.
- Example for RSA 1024 exponential - Private Key (Private Exponent) [Values are in hex]
// DER OCTET String Tag (Private Exponent)
04
// Length of Tag
81 80
// Private Exponent (0x80 Bytes)
53 33 9C FD B7 9F C8 46 6A 65 5C 73 16 AC A8 5C
55 FD 8F 6D D8 98 FD AF 11 95 17 EF 4F 52 E8 FD
8E 25 8D F9 3F EE 18 0F A0 E4 AB 29 69 3C D8 3B
15 2A 55 3D 4A C4 D1 81 2B 8B 9F A5 AF 0E 7F 55
FE 73 04 DF 41 57 09 26 F3 31 1F 15 C4 D6 5A 73
2C 48 31 16 EE 3D 3D 2D 0A F3 54 9A D9 BF 7C BF
B7 8A D8 84 F8 4D 5B EB 04 72 4D C7 36 9B 31 DE
F3 7D 0C F5 39 E9 CF CD D3 DE 65 37 29 EA D5 D1
- Example for RSA 2048 exponential - Private key (Private Exponent) [Values are in hex]
// DER OCTET String Tag (Private Exponent)
04
// Length of Tag
82 01 00
// Private Exponent (0x100 Bytes)
21 95 08 51 CD F2 53 20 31 8B 30 5A FA 0F 37 1F
07 AE 5A 44 B3 14 EB D7 29 F5 DC B1 5D A7 FA 39
47 AC DD 91 5D AE D5 74 BD 16 DF 88 BF 85 F6 10
60 B3 87 17 2F AE 6E 01 26 2B 38 64 C2 D3 C2 2F
94 E0 4A 81 59 42 2B 4E D2 79 C4 8A 4C 9D 76 7D
49 66 07 1A 5B BF 5D 04 3E 16 FF 46 EC 1B A0 71
6F 00 BB C9 7B FF 5D 56 93 E2 14 E9 9C 97 21 F1
2B 3E C6 28 2A E2 A4 85 72 1B 96 DD CF 74 03 FA
03 7D 0C 57 AB 46 3C 44 8D E5 CC 12 26 5A DD 88
6D 31 1E A8 D8 A5 90 3F A5 6C 5F 1C 9C F2 EB 11
CB 65 7A 1A 7D 3E 41 35 2D C3 E6 86 89 8C 4C E4
30 5E 8B 63 8E 1B 08 A2 A8 6C C9 EB 98 66 F3 49
9A C7 7B 61 36 B8 1C B2 76 D6 14 CF EB 7B 6E D3
F3 BC 77 5E 46 C0 00 66 EB EE E2 CF F7 16 6B 57
52 05 98 94 7F F6 21 03 20 B2 88 FB 4F 2C 3F 8F
E9 7B 27 94 14 EB F7 20 30 00 A1 9F C0 42 48 75
The examples for format of ECDSA Signature (referred by Signature generation and verification operations) are given below.
- Example for signature in case of ECC NIST P-256 key [Values are in hex]
// Integer tag for R component
02
// Length
20
// R Component
2B 82 6F 5D 44 E2 D0 B6 DE 53 1A D9 6B 51 E8 F0
C5 6F DF EA D3 C2 36 89 2E 4D 84 EA CF C3 B7 5C
// Integer tag for S component
02
// Length
21
// S Component
00
A2 24 8B 62 C0 3D B3 5A 7C D6 3E 8A 12 0A 35 21
A8 9D 3D 2F 61 FF 99 03 5A 21 48 AE 32 E3 A2 48
- Example for signature in case of ECC NIST P-384 key [Values are in hex]
//Integer tag for R component
02
// Length
31
//R Component
00
C3 6E 5F 0D 3D E7 14 11 E6 E5 19 F6 3E 0F 56 CF
F4 32 33 0A 04 FE FE F2 99 3F DB 56 34 3E 49 F2
F7 DB 5F CA B7 72 8A CC 1E 33 D4 69 25 53 C0 2E
//Integer tag for S component
02
// Length
30
//S Component
0D 40 64 39 9D 58 CD 77 1A B9 42 0D 43 87 57 F5
93 6C 38 08 E9 70 81 E4 57 BC 86 2A 0C 90 52 95
DC A6 0E E9 4F 45 37 59 1C 6C 7D 21 74 53 90 9B
Notes:
- The size of R and S components is based on the key size chosen. (e.g. in case of ECC NIST P256, size is 32 bytes and for ECC NIST P384, size is 48 bytes)
- If the first byte of R or S component is greater than 0x7F (negative integer), then the respective component gets prepended with 0x00.
- The caller must consider the length of buffer for signature accordingly considering the additional encoding information.
The example for format of RSA Signature (referred by RSA Signature generation and verification operations) is given below.
There is no additional encoding (format) considered for RSA signature. The length of the signature is based on the key length chosen.
For RSA 1024, the length of the signature is 128 bytes. For RSA 2048, the length of the signature is 256 bytes.
Example for RSA signature in case of RSA 1024-Exp key [Values are in hex]
5B DE 46 E4 35 48 F4 81 45 7C 72 31 54 55 E8 9F
1D D0 5D 9D EC 40 E6 6B 89 F3 BC 52 68 B1 D8 70
35 05 FC 98 F6 36 99 24 53 F0 17 B8 9B D4 A0 5F
12 04 8A A1 A7 96 E6 33 CA 48 84 D9 00 E4 A3 8E
2F 6F 3F 6D E0 1D F8 EA E0 95 BA 63 15 ED 7B 6A
B6 6E 20 17 B5 64 DE 49 64 97 CA 5E 4D 84 63 A0
F1 00 6C EE 70 89 D5 6E C5 05 31 0D AA B7 BA A0
AA BF 98 E8 39 93 70 07 2D FF 42 F9 A4 6F 1B 00