1
$\begingroup$

I am designing a general purpose software security module.

One of my requirements is to "describe" a stored key, including a "check" value. The purpose of this "check" value is not attestation but simply to be a quick, key type agnostic, way of testing if two keys are (not) the same. I am free to specify this "check" value, as long as it is a stable value, always the same value for the same key.

For, say, AES keys, I have designed the "check" value to be some bytes of the resulting of encrypting a predefined block, as it seems to be customary. For EC keys, because standard ECDSA is nondeterministic, I am evaluating either using nonstandard deterministic ECDSA or ECDH.

For the ECDH case, I am considering desiging the "check" value to be some bytes of the resulting secret of doing ECDH against the public key for private key 1. I am assuming that ECDH assures no bit of the private key would leak from doing this.

Are my assumptions correct? am I missing something?

Improve this question
$\endgroup$

1 Answer 1

Reset to default
1
$\begingroup$

For a private key, just use the public key (in some canonical format)! Or a hash of the public key if you need something with a fixed size. Then you don't have to worry about possibly leaking a value that could help some attack. This doesn't prove possession, but it uniquely identifies the private key.

Improve this answer
$\endgroup$
1
  • $\begingroup$ Thanks! It seems I was missing the obvious, as always! $\endgroup$ Commented Sep 10, 2024 at 19:05

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.