Archived Forum Post

Index of archived forum posts

Question:

DSA VerifyKey fails with q is not a prime

Dec 19 '13 at 15:40

Hi,

I am generating a EC DSA key pair using BouncyCastle and am sending the private key to an Android device so that it can sign data to submit to the server.

X9ECParameters p = NistNamedCurves.GetByName(SIG_ALGORTHIM);
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
SecureRandom k = new SecureRandom();
g.Init(new ECKeyGenerationParameters(parameters, k));
AsymmetricCipherKeyPair pair = g.GenerateKeyPair();
ECPrivateKeyParameters kp = pair.Private as ECPrivateKeyParameters;
PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private);            
return Core.Hex.Encode(privateKeyInfo.GetDerEncoded());

This will generate something like:

308202050201003081EC06072A8648CE3D02013081E0020101302C06072A8648CE3D0101022100FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF30440420FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC04205AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B0441046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5022100FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC6325510201010482010F3082010B02010104201093EF4D3D6822E4BF6FD27E5BABB3032F9053BBAA784524E18714852E317A46A081E33081E0020101302C06072A8648CE3D0101022100FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF30440420FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC04205AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B0441046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5022100FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551020101

When I try and use the key with CkDsa, VerifyKey fails with "q is not prime". If I try and sign anyway SignHash fails with "not a private key".

dsa.FromDer(bytes); // loads OK
dsa.VerifyKey(); // fails - see last error below

Any suggestions?

Many thanks.

ChilkatLog:
   VerifyKey:
     DllDate: Aug 20 2013
     ChilkatVersion: 9.4.1.42
     UnlockPrefix: Anything for 30-day trial
     Architecture: Little Endian; 32-bit
     Language: Android Java
     VerboseLogging: 0
     hcCurDate: Thu, 19 Dec 2013 15:53:17 +0000
     hcExpire: 11/2013
     Verifying key...
     q is not prime
     Failed.
   --VerifyKey
 --ChilkatLog

---

Answer

By definition of DSA (Digital Signature Algorithm) standards, p and q need to be prime.