Incorrect ECDSA Format for arbitrary data signing
Closed this issue · 1 comments
When signing arbitrary data with the endpoint /sign, the description says:
Signs an arbitrary message using ECDSA
The standard format for ECDSA should comply with RFC6979.
Quote:
The pair (r, s) is the signature. How a signature is to be encoded is not covered by the DSA and ECDSA standards themselves; a common way is to use a DER-encoded ASN.1 structure (a SEQUENCE of two INTEGERs, for r and s, in that order).
The signature length should be 64 bytes (R - 32 bytes, S - 32 bytes). But the signature returned by the endpoint is 65 bytes.
Sample responses:
0x0866a9ebb23cc4b047e398d7ede52b718a067c0d7f40595baa6b0d0c395152557a578887b7295152a2b9aeb01f96b11a28757b9f3722ddf4998353b643a4ecb900
0xc1bdd9d097a131434115b563706bb94367fdb7c412f677b5fe8c26e181c579ae642ae3a8287bcc75add88932fe48d956aaf3cba5913ee8d185266d88b7ecd4ec00
The trailing 00's, I'm assuming, are part of Ethereum's signature scheme for transactions specifically and part of EIP-155 (replay protection), which has the format (r, s, v). That would make sense when using sign-transaction, but not for arbitrary data?
V is always 00 / 01 in this case and is not part of standard ECDSA, and as a client, if we want to verify signatures without the private key, it means that we have to manually cut the last byte.

Hello @ehanoc, sorry for the delay in responding. You are right about the sign endpoint not being in the standard ECDSA format, but the reason is a bit more nuanced.
That endpoint will be deprecated and removed because Ethereum does not define the usage of the underlying private key to directly sign arbitrary data. Ethereum EIPs define signing transactions, signing messages and signing typed data, meaning that the sign endpoint over the ethereum domain should not exist.
What you are trying to achieve seems to be signing data with a Secp256k1/ECDSA key. This is agnostic to Ethereum. Usage of keys should be done through the keys endpoint by creating a Secp256k1/ECDSA key and signing with it. If what you are trying to achieve is EIP-191 or EIP-712, then you should check the https://github.com/ConsenSys/quorum-key-manager.
Try sending a PUT request to /keys with a payload like this:
{
  "id": "my-id",
  "curve": "secp256k1",
  "signing_algorithm": "ecdsa"
}
Then you can call /keys/my-id/sign with that key and the result will be standard ECDSA (malleable)
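
A client-side sketch of the handling discussed in this thread, added here as an example and not taken from the issue or the project's code: it splits the 65-byte r || s || v value into its parts, re-encodes (r, s) as the 64-byte raw form and as the DER SEQUENCE from the quote, and checks whether s is in the lower half of the group order, which is the property a "malleable" signature does not guarantee. The function names are hypothetical; the sample inputs are the two responses quoted in the issue.

```python
# Added example, not project code. Inputs are the sample /sign responses from the issue.
SAMPLE_SIG = "0x0866a9ebb23cc4b047e398d7ede52b718a067c0d7f40595baa6b0d0c395152557a578887b7295152a2b9aeb01f96b11a28757b9f3722ddf4998353b643a4ecb900"
SAMPLE_SIG_2 = "0xc1bdd9d097a131434115b563706bb94367fdb7c412f677b5fe8c26e181c579ae642ae3a8287bcc75add88932fe48d956aaf3cba5913ee8d185266d88b7ecd4ec00"

# secp256k1 group order n (public curve parameter).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_rsv(sig_hex):
    """Return (r, s, v) from a hex-encoded 65-byte r || s || v signature."""
    raw = bytes.fromhex(sig_hex[2:] if sig_hex.startswith("0x") else sig_hex)
    if len(raw) != 65:
        raise ValueError(f"expected 65 bytes, got {len(raw)}")
    r = int.from_bytes(raw[:32], "big")
    s = int.from_bytes(raw[32:64], "big")
    v = raw[64]
    # Assumption taken from the issue text: v is 00 or 01 on this endpoint.
    if v not in (0, 1):
        raise ValueError(f"unexpected v byte: {v:#04x}")
    if not (0 < r < N and 0 < s < N):
        raise ValueError("r or s outside [1, n-1]")
    return r, s, v


def to_raw64(r, s):
    """Fixed-width r || s, 32 bytes each (the 64-byte form the issue expects)."""
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def der_int(x):
    """DER INTEGER: minimal big-endian bytes, 0x00-prefixed if the top bit is set."""
    body = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body


def to_der(r, s):
    """DER SEQUENCE of two INTEGERs (r, s); body is at most 70 bytes, so short-form length."""
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body


def is_low_s(s):
    """True if s <= n/2; verifiers that reject malleable signatures require this."""
    return s <= N // 2


if __name__ == "__main__":
    r, s, v = split_rsv(SAMPLE_SIG)
    print("v =", v, "low-s =", is_low_s(s))
    print("raw64:", to_raw64(r, s).hex())
    print("der:  ", to_der(r, s).hex())
```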