EcdsaVerify Class

Namespace: Yubico.YubiKey.Cryptography Assembly: Yubico.YubiKey.dll

This class can verify the ECDSA signature using different types of public keys.

public class EcdsaVerify : Object, IDisposable

Inheritance System.Object EcdsaVerify

Implements

System.IDisposable

Remarks

This class will use the default System.Security.Cryptography.ECDsa implementation to verify a signature. In order to do so, it must be able to "convert" the public key and the signature into the formats required by that class.

The ECDsa class is disposable, which is why this class is as well.

Converting the key into the appropriate format is done by the constructor. The public key you will use to verify the signature will likely be in one of these formats:

   PivPublicKey
   CoseKey
   X509Certificate2
   ECDsa
   encoded point (0x04 || x-coordinate || y-coordinate)

Create an instance of this class with the key you have. Then examine the ECDsa property. You will see your key is now loaded in the format needed. For example, suppose you have an object that contains information about a PIV slot, and the PublicKey property is a PivPublicKey containing the public key partner to the private key in that slot.

  using var ecdsaVerifier = new EcdsaVerify(slotContents[index].PublicKey);

The ECDsa class also requires the signature to be in a specific format that is not standard. Most standards specify that an ECDSA signature is formatted following the BER encoding of the following ASN.1 definition:

   Ecdsa-Sig-Value  ::=  SEQUENCE  {
     r     INTEGER,
     s     INTEGER  }

However, the ECDsa class expects the signature to be represented as the concatenation of r and s where each value is exactly the curve size. For example, the size of the NIST curve P-256 is 256 bits, which is 32 bytes. Hence, the signature r||s must be 64 bytes, both r and s must be exactly 32 bytes. If a value is shorter than 32 bytes, it is prepended with 00 bytes.

The verification methods will convert a standard signature into the format the ECDsa class needs. They can also verify signatures that are formatted as r||s.

The YubiKey returns an ECDSA signature following the standard, namely the BER encoding.

This class can verify signatures for P-256 and P-384 only.

Each of the verify methods will return a boolean, indicating whether the signature verifies or not. If a signature does not verify, that is not an error. The methods will throw exceptions if they encounter bad data, such as x- or y-coordinates that do not fit the specified curve.

For example,

   using var ecdsaVfy = new EcdsaVerify(authData.CredentialPublicKey);
   bool isVerified = ecdsaVerify.VerifyDigest(digest, signature);

   using var ecdsaVfy = new EcdsaVerify(AttestationCert);
   bool isVerified = ecdsaVerify.VerifyData(dataToVerify, signature, false);

Constructors

Name	Description
EcdsaVerify(ReadOnlyMemory<Byte>)	Create an instance of the EcdsaVerify class using the encoded point.
EcdsaVerify(ECDsa)	Create an instance of the EcdsaVerify class using the ECDsa object that contains the public key.
EcdsaVerify(X509Certificate2)	Create an instance of the EcdsaVerify class using the given certificate.
EcdsaVerify(CoseKey)	Create an instance of the EcdsaVerify class using the COSE EC public key.
EcdsaVerify(PivPublicKey)	Create an instance of the EcdsaVerify class using the PIV ECC public key.

Properties

Name	Description
ECDsa	The object built that will perform the verification operation.

Methods

Name	Description
Dispose()	Clean up.
Dispose(Boolean)	Clean up
VerifyData(Byte[], Byte[], Boolean)	Verify the `signature` using the `dataToVerify`. This method will digest the `dataToVerify` using SHA-256 if the public key is P-256 and SHA-384 if the public key is P-384, and then verify the signature using the digest.
VerifyDigestedData(Byte[], Byte[], Boolean)	Verify the `signature` using the `digestToVerify`.