jwt-dotnet/jwt

Example of ECDSAAlgorithm?

mattabb opened this issue · 8 comments

I was unable to correctly sign with an ECDSA key. I attempted to create an algorithm like:

var algo = new ECDSAAlgorithm();

I was unable to do this; however, I was able to create:
var algo = new ECDSAAlgorithmFactory();

which was unworkable.

I frankly never used it myself as it was an OSS contribution to the library.

ECDSAAlgorithm accepts either one or two ECDsa objects (two for encoding/signing, just one for reading/validation). Or an X509Certificate2, which I guess must be a certain kind of certificate so that cert.GetECDsaPrivateKey() and cert.GetECDsaPublicKey() would return something.

@mattabb I'm not sure why you chose ECDSA; however, when I went to choose between the two, I avoided it since it only works on .Net Standard 2.0. I instead went with the RS family of encryption. If that would work for you, I'd be happy to share my steps.

I wrote a small sample project for minimal APIs, and it uses JWT with ECDSA keys.

You can see how I used it in this class:
https://github.com/hartmark/minimal-api-sample/blob/main/Backend/Infrastructure/DataService/JwtGenerator.cs

Thanks, @hartmark. @drusellers please take a look, let me know if it works for you, and that the issue can be closed.

Looks good, @hartmark. One question: is there somewhere I can find recommended secret sizes based on the length of the key? I'm a little confused about that and had thought that the PrivateKey/PublicKey would suffice for signing.

ES512 uses P-521, so 521 bits, or around 66 (rounded up) characters.

I'm not so knowledgeable about the details of whether it's weaker if shorter. But I have read that if it is shorter it will pad the secret internally.

I had a Eureka moment and remembered I just used this method to generate the key.

https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.ecdsa.create?view=net-6.0#system-security-cryptography-ecdsa-create

The security implications of different lengths of the secret are not known to me.

Nice example, @hartmark. But where can I get a secret for ECDsa? I've created it with openssl and don't have any secret.
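Added example, not code from this thread, from hartmark's sample project, or from jwt-dotnet itself. It ties together the constructor shapes the maintainer describes above (one ECDsa object for verifying, two for signing) and the later questions about a "secret" and OpenSSL-generated keys. ECDSA has no shared secret: the private key signs, the public key verifies, and the key size is fixed by the curve, not by a secret length (P-256 for ES256, P-384 for ES384, P-521 for ES512). The example assumes a current jwt-dotnet release (NuGet package JWT) in which ECDSAAlgorithm is the abstract base and the constructible classes are ES256Algorithm, ES384Algorithm and ES512Algorithm, and .NET 7 or later for ExportSubjectPublicKeyInfoPem. The class EcdsaJwtExample and the methods Sign and VerifyAndDecode are names chosen for this example.

```csharp
// Added example (not from jwt-dotnet or this thread).
// Assumes the jwt-dotnet "JWT" package with ES256Algorithm et al., and .NET 7+.
using System;
using System.Security.Cryptography;
using JWT.Algorithms;
using JWT.Builder;
using JWT.Exceptions;

public static class EcdsaJwtExample
{
    // Signer side: needs the private key. ES256 pairs with P-256; ES384 with P-384;
    // ES512 with P-521. The curve, not a "secret length", fixes the key size.
    public static string Sign(ECDsa privateKey, string subject, DateTimeOffset expires)
    {
        // The two-argument constructor is (publicKey, privateKey). Passing the same
        // ECDsa object twice works because a private ECDsa holds both halves.
        var algorithm = new ES256Algorithm(privateKey, privateKey);
        return JwtBuilder.Create()
            .WithAlgorithm(algorithm)
            .AddClaim("sub", subject)
            .AddClaim("exp", expires.ToUnixTimeSeconds())
            .Encode();
    }

    // Verifier side: needs only the public key. The one-argument constructor
    // builds an algorithm that can verify but cannot sign.
    public static string VerifyAndDecode(ECDsa publicKey, string token)
    {
        var algorithm = new ES256Algorithm(publicKey);
        return JwtBuilder.Create()
            .WithAlgorithm(algorithm)
            .MustVerifySignature()
            .Decode(token);
    }

    public static void Main()
    {
        // A fresh P-256 key pair. The OpenSSL equivalent is
        //   openssl ecparam -name prime256v1 -genkey -noout -out ec-private.pem
        //   openssl ec -in ec-private.pem -pubout -out ec-public.pem
        // followed by ImportFromPem on the file contents instead of Create(ECCurve).
        using ECDsa signingKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);

        // Give the verifier only the public half, as a PEM it could have received
        // from the "openssl ec -pubout" step above.
        string publicPem = signingKey.ExportSubjectPublicKeyInfoPem();
        using ECDsa verifyKey = ECDsa.Create();
        verifyKey.ImportFromPem(publicPem);

        string token = Sign(signingKey, "alice", DateTimeOffset.UtcNow.AddMinutes(5));
        Console.WriteLine($"key size: {signingKey.KeySize} bits");
        Console.WriteLine($"token: {token}");
        Console.WriteLine("verified payload: " + VerifyAndDecode(verifyKey, token));

        // Negative check: a token signed with a different key must be rejected.
        using ECDsa otherKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        string forged = Sign(otherKey, "alice", DateTimeOffset.UtcNow.AddMinutes(5));
        try
        {
            VerifyAndDecode(verifyKey, forged);
            Console.WriteLine("BUG: token signed with another key was accepted");
        }
        catch (SignatureVerificationException)
        {
            Console.WriteLine("token signed with another key rejected, as expected");
        }
    }
}
```

The verifier never sees private material: verifyKey is built from the public PEM alone, so ES256Algorithm(verifyKey) can check signatures but would fail if asked to sign. That is the whole answer to "where is the secret": the private key file from openssl is the signing credential, and the public key derived from it is all a consuming service needs.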