Comments (14)
When executing the lazysodium cryptoSignDeteached on Ubuntu 18.04 either Jave 8 or 11, it returns the incorrect sig.
The hashBytes is correct and the privateKeyBytes is correct, but the sig for some reason isn't.
from lazysodium-java.
Am using Maven to compile and Eclipse IDE.
Any help would be appreciated.
from lazysodium-java.
Hi @adkessell,
Just glanced through your code. I think the issue is what you pass through to the function. Instead of:
long[] sigLen = new long[] {sig.length};
boolean r = lazysodium.cryptoSignDetached(sig, sigLen, hashBytes, hashBytes.length, privateKeyBytes);
It should be:
boolean r = lazysodium.cryptoSignDetached(sig, null, hashBytes, hashBytes.length, privateKeyBytes);
As you can see the sigLength
param has been nullified. Libsodium docs say that "The actual length of the signature is put into siglen
if siglen
is not NULL." Which means you don't need to pass the signature's length into it.
Let me know if the above works for you.
from lazysodium-java.
Gurpreet,
Thanks for the quick response. I had it set to null first and didn't work that way either.
So not sure what is causing this not to work, as I have been trying to figure this out for a few days now.
If you can take the code and run it against your libraries and see if it works for you, then send the result back would be appreciated.
Thanks
Anthony
from lazysodium-java.
Hi Anthony,
I appreciate your patience, I am running the tests now and trying to emulate your environment. Is it a 64 or 32 bit machine you are working on?
from lazysodium-java.
Ah I think I found your problem. Your secret key must be 64 bytes long. Currently your keys are 54 bytes long.
byte[] publicKey = randomBytesBuf(Sign.PUBLICKEYBYTES); // 32 bytes
byte[] secretKey = randomBytesBuf(Sign.SECRETKEYBYTES); // 64 bytes
if (!cryptoSignKeypair(publicKey, secretKey)) { // Use this method to help you
throw new SodiumException("Could not generate a signing keypair.");
}
Key pk = Key.fromBytes(publicKey);
Key sk = Key.fromBytes(secretKey);
String signed = lazySodium.cryptoSignDetached(msg, sk); // Can also use Native method
boolean verification = lazySodium.cryptoSignVerifyDetached(signed, msg, pk); // true
I know that you already have generated a secret and public key but they both must be generated using the algorithm that powers cryptoSign()
. (Or you can use cryptoSignSeedKeypair()
to generate a deterministic key pair).
Hope that helps 👍
from lazysodium-java.
I am using 64bit machine.
Interesting, as these keys were generated by the tezos blockchain sandbox wallet and I have written some python code to utilize them and they work perfectly fine. I am calling blake2b, ed25519 and has256 within my code without issues.
So in my java code I decode them to hex and they are 64bytes long, so by padding them out will change the keys or using the sodium key generator will not work with the code I am using as the keys are generated and stored.
I would thought that this should be able to take any 64byte keys generated by a wallet.
I will try your approach, also try libsodium in python to see what result I get and see where it goes but I think libsodium should be able to take keys generated by any wallet.
Thanks will let you know.
from lazysodium-java.
byte[] edskPrefix = {(byte) 43, (byte) 246, (byte) 78, (byte) 7};
byte[] decodeSK = base58code.decode(skey);
byte[] privateKeyBytes = Arrays.copyOfRange(decodeSK, edskPrefix.length, decodeSK.length);
This code decodes it to 64bytes, if you printout the hex of privateKeyBytes and the length it is 64bytes. The edsk has to be stripped off as it is a tezos marker.
from lazysodium-java.
How has the lazysodium library been built, Deterministic or non-deterministic? As everytime I run it I get a different result even though the inputs are the same.
from lazysodium-java.
How has the lazysodium library been built, Deterministic or non-deterministic? As everytime I run it I get a different result even though the inputs are the same.
It's been built deterministically.
if you printout the hex of privateKeyBytes and the length it is 64bytes
Yes but that's the hex and not the actual bytes. Hex encoding is just a way for us humans to conveniently read the byte array (or store it as a string somewhere). The code below shows you the hexLen
and the actual length
. Both keys return 32 bytes as the actual length.
Key privKey = Key.fromBytes(privateKeyBytes);
Key pubKey = Key.fromBytes(publicKeyBytes);
System.out.println("privateKeyHex=" + privKey.getAsHexString() + " hexLen=" + privKey.getAsHexString().length() + " length=" + privKey.getAsBytes().length);
System.out.println("publicKeyHex=" + pubKey.getAsHexString() + " hexLen=" + pubKey.getAsHexString().length() + " length=" + pubKey.getAsBytes().length);
How does Tezos generate its public and private keys (i.e how are pkey
and skey
generated)? Is there some sort of algorithm?
If I can understand how those are generated, then maybe we can see how the two keys relate to each other and so help you input the correct values for cryptoSignDetached()
.
from lazysodium-java.
Not sure how Tezos generated the keys, but here is the python code I have used to generate the signature.
bin_skey=base58check.b58decode(skey).hex()[8:72]
bin_operation=binascii.unhexlify(operation)
seed=binascii.unhexlify(bin_skey)
from pyblake2 import blake2b
h=blake2b(digest_size=32)
h.update(b'\x03'+bin_operation)
digest=h.digest()
sk=ed25519.SigningKey(seed)
sig=sk.sign(digest)
edsig_sig='09f5cd8612'+sig.hex()
m1=hashlib.sha256(binascii.unhexlify(edsig_sig))
m2=hashlib.sha256(m1.digest())
checksum=m2.hexdigest()[:8]
final_hex=edsig_sig+checksum
final_encode=base58check.b58encode(binascii.unhexlify(final_hex))
final=final_encode.decode('ascii')
from lazysodium-java.
I spent a lot of time looking through the source code of Tezos as to how it generates keys. Your secret key is the wrong size, it must be 64 bytes long. The code below works.
public class Test {
public static void main(String[] args) throws Exception {
LazySodiumJava lazysodium = new LazySodiumJava(new SodiumJava(), StandardCharsets.UTF_8);
// Generate correct keys.
String publicKey = "edpktgy221Yw1AbERrMVbKpeGCdrS36TAK5wM6b4Pq2w1rjvBCxBQN";
String secretKey = "edskRtpgZd7LVA6yZvVPkpDnoUiwDu7Zum9t4KX69iFerhu3yDNe33d9hMwqftELnui5ohHNa2JQi4VRqXEUt5URzdS3whmG6q";
String msg = "yo";
// Base 58 decode the secret key.
byte[] base58SKey = base58check.decode(secretKey);
byte[] base58PKey = base58check.decode(publicKey);
// Print out the base58 decoded keys.
System.out.println("Base58 decoded keys");
printKey(Key.fromBytes(base58SKey));
printKey(Key.fromBytes(base58PKey));
// Remove first 4 bytes which is the prefix.
byte[] removedBytesSk = Arrays.copyOfRange(base58SKey, 4, base58SKey.length);
byte[] removedBytesPk = Arrays.copyOfRange(base58PKey, 4, base58PKey.length);
// Convert to keys.
Key properSk = Key.fromBytes(removedBytesSk);
Key properPk = Key.fromBytes(removedBytesPk);
// Check if the bytes have been removed.
System.out.println();
System.out.println("Hex keys");
printKey(properSk);
printKey(properPk);
// Hash or do whatever you want to the message.
String hashed = lazysodium.cryptoGenericHash(msg);
byte[] hashBytes = lazysodium.sodiumHex2Bin(hashed);
// Now sign it and verify it.
byte[] sig = new byte[Sign.BYTES];
lazysodium.cryptoSignDetached(sig, null, hashBytes, hashBytes.length, properSk.getAsBytes());
boolean correct = lazysodium.cryptoSignVerifyDetached(sig, hashBytes, hashBytes.length, properPk.getAsBytes());
System.out.println(correct);
}
public static void printKey(Key key) {
System.out.println("Length = " + key.getAsBytes().length + ". " + LazySodium.toHex(key.getAsBytes()));
}
}
from lazysodium-java.
from lazysodium-java.
Hey @adkessell,
No problem. By the way, the source code of this project really helped.
Happy coding 👍
from lazysodium-java.
Related Issues (20)
- Bnd vs osgi HOT 1
- Upgrade JNA to latest HOT 1
- Problems with resolving resource-loader dependency through OSGI HOT 2
- Padding methods take wrong data type HOT 7
- Support passing byte arrays to lazy methods instead of strings HOT 2
- Lazy Sodium on an M1 mac is not able to load libsodium properly HOT 13
- Lazysodium 5.1.1 doesn't load libsodium for Rocky Linux 8 HOT 1
- libsodium.so can't be loaded on Raspberry Pi OS due to missing libssp.so.0 library HOT 1
- 5.1.2 is not released to maven HOT 3
- ShortHash 'in' expected in hex format?
- Bundled sodium.dll cannot be loaded when path to JAR contains spaces HOT 1
- Provide module information HOT 1
- classes that support shortened number of parameters
- LazySodiumAndroid.cryptoKdfDeriveFromKey() throws an exception if key length exceeds 32 bytes
- help using sealed box for GitHub secret HOT 1
- LazySodium creates folders "resource-loader*" under /tmp folder HOT 1
- An error occurred with java. lang. NoClassDefFoundError
- sodiumHex2Bin silently accepts garbage input
- Decrypting Signed Message HOT 1
- Some sort of memory issue using cryptoBoxKeyPair() HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lazysodium-java.