# [Cryptography-dev] EC key values

Pim van der Eijk (Lists) lists at sonnenglanz.net
Sun Jan 8 11:19:09 EST 2017

Hi,

I am using cryptography to implement the KeyInfo part of W3C XML
Signature and am looking to add support for EC keys.  The following is
part of an example structure I would like to be able to process:

```xml
<ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#">
  <NamedCurve URI="urn:oid:1.2.840.10045.3.1.7"/>
  <PublicKey>vWccUP6Jp3pcaMCGIcAh3YOev4gaa2ukOANC7Ufg
Cf8KDO7AtTOsGJK7/TA8IC3vZoCy9I5oPjRhyTBulBnj7Y </PublicKey>
</ECKeyValue>
```

I have two questions.

First, according to W3C XML Signature (see
https://www.w3.org/TR/xmldsig-core1/#sec-ECKeyValue) the content of
`PublicKey` in the ECKeyValue element is:

"a Base64 encoding of a binary representation of the x and y
coordinates of the point. Its value is computed as follows:

1. Convert the elliptic curve point (x,y) to an octet string by first
   converting the field elements x and y to octet strings as specified
   in Section 6.2 of https://www.rfc-editor.org/rfc/rfc6090.txt,
   and then prepend the concatenated result of the conversion with
   0x04. Support for Elliptic-Curve-Point-to-Octet-String conversion
   without point compression is required.
2. Base64 encode the octet string resulting from the conversion in
   Step 1."

RFC 6090 section 6.2 states:

6.2.  Integer-to-Octet-String Conversion

The integer x shall be converted to an octet string S of length k as
follows.  The string S shall satisfy

$$ y = \sum_{i=1}^{k} 2^{8(k-i)} S_i $$

where S1, ..., Sk are the octets of S from first to last.

In other words, the first octet of S has the most significance in the
integer, and the last octet of S has the least significance.

I am looking to implement this using cryptography.  There is an
encode_point() function in
hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers which is
documented to transform "an elliptic curve point to a byte string as
described in SEC 1 v2.0 <http://www.secg.org/sec1-v2.pdf> section
2.3.3.".  Is this the same encoding as under the quoted section of XML
Signature, item (1)?

Second question, the class asymmetric.ec.EllipticCurve has a "name" that
is the symbolic name used for the ASN.1 OID.
For example, OID 1.3.132.0.34 has the name "secp384r1".

W3C XML Signature apparently expects the OID encoded as a URN
(https://www.ietf.org/rfc/rfc3061.txt), i.e. something like
"urn:oid:1.3.132.0.34".  Is there a way in Python to get the OID value
for a named curve, rather than its symbolic name?

Kind Regards,

Pim
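As an added example that is not code from the mail or from the cryptography package, the following stdlib-only Python implements the encoding the mail quotes (RFC 6090 integer-to-octet-string, then 0x04 || X || Y, then base64) and its inverse, so the output can be compared byte-for-byte against what encode_point() produces; it also adds the on-curve check a verifier should run on any decoded point, and the curve-name to urn:oid lookup the second question asks about. The CURVE_OIDS table is a hypothetical stub holding only the two OIDs that appear in the mail, and the P-256 base point is a constructed input.

```python
import base64

# P-256 (secp256r1, OID 1.2.840.10045.3.1.7) domain parameters for the on-curve
# check below; standard NIST values.
P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_LEN = 32  # octets per field element (k in RFC 6090 section 6.2)

# Curve name -> dotted OID. Hypothetical table holding only the two OIDs the
# mail mentions; a real implementation would cover every supported curve.
CURVE_OIDS = {"secp256r1": "1.2.840.10045.3.1.7", "secp384r1": "1.3.132.0.34"}


def i2osp(x: int, k: int) -> bytes:
    """RFC 6090 section 6.2: integer to big-endian octet string of exactly k octets."""
    if x < 0 or x >= 1 << (8 * k):
        raise ValueError("integer does not fit in %d octets" % k)
    return x.to_bytes(k, "big")


def encode_ec_public_key(x: int, y: int, k: int = P256_LEN) -> str:
    """ECKeyValue/PublicKey text: base64(0x04 || X || Y), uncompressed form only."""
    return base64.b64encode(b"\x04" + i2osp(x, k) + i2osp(y, k)).decode("ascii")


def decode_ec_public_key(text: str, k: int = P256_LEN) -> tuple:
    """Inverse of encode_ec_public_key; rejects compressed or mis-sized points."""
    octets = base64.b64decode("".join(text.split()))  # XML text may be line-wrapped
    if len(octets) != 1 + 2 * k or octets[0] != 0x04:
        raise ValueError("expected uncompressed point of %d octets" % (1 + 2 * k))
    return int.from_bytes(octets[1:1 + k], "big"), int.from_bytes(octets[1 + k:], "big")


def on_p256(x: int, y: int) -> bool:
    """y^2 == x^3 - 3x + b (mod p): a decoded point must be checked before use."""
    p = P256_P
    return 0 <= x < p and 0 <= y < p and (y * y - (x * x * x - 3 * x + P256_B)) % p == 0


def curve_urn(name: str) -> str:
    """NamedCurve URI attribute: the curve OID as an RFC 3061 urn:oid URN."""
    return "urn:oid:" + CURVE_OIDS[name]


# Constructed sample input: the P-256 base point G, which is on the curve.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5

if __name__ == "__main__":
    text = encode_ec_public_key(GX, GY)
    print(curve_urn("secp256r1"), text, decode_ec_public_key(text) == (GX, GY), on_p256(GX, GY))
```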