org.tron.common.crypto

Class ECKey

java.lang.Object

org.tron.common.crypto.ECKey

All Implemented Interfaces:

Serializable

public class ECKey
extends Object
implements Serializable

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ECKey.ECDSASignature
static class	ECKey.MissingPrivateKeyException

Field Summary

Fields

Modifier and Type	Field and Description
static org.spongycastle.crypto.params.ECDomainParameters	CURVE The parameters of the secp256k1 curve.
static org.spongycastle.jce.spec.ECParameterSpec	CURVE_SPEC
static BigInteger	HALF_CURVE_ORDER Equal to CURVE.getN().shiftRight(1), used for canonicalising the S value of a signature.
protected org.spongycastle.math.ec.ECPoint	pub

Constructor Summary

Constructors

Constructor and Description
ECKey() Generates an entirely new keypair.
ECKey(BigInteger priv, org.spongycastle.math.ec.ECPoint pub) Pair a private key integer with a public EC point BouncyCastle will be used as the Java Security Provider
ECKey(Provider provider, PrivateKey privKey, org.spongycastle.math.ec.ECPoint pub) Pair a private key with a public EC point.
ECKey(Provider provider, SecureRandom secureRandom) Generate a new keypair using the given Java Security Provider.
ECKey(SecureRandom secureRandom) Generates an entirely new keypair with the given SecureRandom object.

Method Summary

Modifier and Type	Method and Description
ECKey	compress() Deprecated. per-point compression property will be removed in Bouncy Castle
static org.spongycastle.math.ec.ECPoint	compressPoint(org.spongycastle.math.ec.ECPoint uncompressed) Deprecated. per-point compression property will be removed in Bouncy Castle
static byte[]	computeAddress(byte[] pubBytes) Compute an address from an encoded public key.
static byte[]	computeAddress(org.spongycastle.math.ec.ECPoint pubPoint) Compute an address from a public point.
ECKey	decompress() Deprecated. per-point compression property will be removed in Bouncy Castle
static org.spongycastle.math.ec.ECPoint	decompressPoint(org.spongycastle.math.ec.ECPoint compressed) Deprecated. per-point compression property will be removed in Bouncy Castle
byte[]	decryptAES(byte[] cipher) Deprecated. should not use EC private scalar value as an AES key
ECKey.ECDSASignature	doSign(byte[] input) Signs the given hash and returns the R and S components as BigIntegers and putData them in ECDSASignature
boolean	equals(Object o)
static ECKey	fromNodeId(byte[] nodeId) Recover the public key from an encoded node id.
static ECKey	fromPrivate(BigInteger privKey) Creates an ECKey given the private key only.
static ECKey	fromPrivate(byte[] privKeyBytes) Creates an ECKey given the private key only.
static ECKey	fromPrivateAndPrecalculatedPublic(BigInteger priv, org.spongycastle.math.ec.ECPoint pub) Creates an ECKey that simply trusts the caller to ensure that point is really the result of multiplying the generator point by the private key.
static ECKey	fromPrivateAndPrecalculatedPublic(byte[] priv, byte[] pub) Creates an ECKey that simply trusts the caller to ensure that point is really the result of multiplying the generator point by the private key.
static ECKey	fromPublicOnly(byte[] pub) Creates an ECKey that cannot be used for signing, only verifying signatures, from the given encoded point.
static ECKey	fromPublicOnly(org.spongycastle.math.ec.ECPoint pub) Creates an ECKey that cannot be used for signing, only verifying signatures, from the given point.
byte[]	getAddress() Gets the address form of the public key.
byte[]	getNodeId() Generates the NodeID based on this key, that is the public key without first format byte
BigInteger	getPrivKey() Gets the private key in the form of an integer field element.
byte[]	getPrivKeyBytes() Returns a 32 byte array containing the private key, or null if the key is encrypted or public only
byte[]	getPubKey() Gets the encoded public key value.
org.spongycastle.math.ec.ECPoint	getPubKeyPoint() Gets the public key in the form of an elliptic curve point object from Bouncy Castle.
int	hashCode()
boolean	hasPrivKey() Returns true if this key has access to private key bytes.
boolean	isCompressed() Returns whether this key is using the compressed form or not.
boolean	isPubKeyCanonical() Returns true if this pubkey is canonical, i.e. the correct length taking into account compression.
static boolean	isPubKeyCanonical(byte[] pubkey) Returns true if the given pubkey is canonical, i.e. the correct length taking into account compression.
boolean	isPubKeyOnly() Returns true if this key doesn't have access to private key bytes.
BigInteger	keyAgreement(org.spongycastle.math.ec.ECPoint otherParty)
static byte[]	pubBytesWithoutFormat(org.spongycastle.math.ec.ECPoint pubPoint) Compute the encoded X, Y coordinates of a public point.
static byte[]	publicKeyFromPrivate(BigInteger privKey, boolean compressed) Returns public key bytes from the given private key.
static byte[]	recoverAddressFromSignature(int recId, ECKey.ECDSASignature sig, byte[] messageHash)
static ECKey	recoverFromSignature(int recId, ECKey.ECDSASignature sig, byte[] messageHash)
static byte[]	recoverPubBytesFromSignature(int recId, ECKey.ECDSASignature sig, byte[] messageHash) Given the components of a signature and a selector value, recover and return the public key that generated the signature according to the algorithm in SEC1v2 section 4.1.6.
ECKey.ECDSASignature	sign(byte[] messageHash) Takes the keccak hash (32 bytes) of data and returns the ECDSA signature
static byte[]	signatureToAddress(byte[] messageHash, ECKey.ECDSASignature sig) Compute the address of the key that signed the given signature.
static byte[]	signatureToAddress(byte[] messageHash, String signatureBase64) Compute the address of the key that signed the given signature.
static ECKey	signatureToKey(byte[] messageHash, ECKey.ECDSASignature sig) Compute the key that signed the given signature.
static ECKey	signatureToKey(byte[] messageHash, String signatureBase64) Compute the key that signed the given signature.
static byte[]	signatureToKeyBytes(byte[] messageHash, ECKey.ECDSASignature sig)
static byte[]	signatureToKeyBytes(byte[] messageHash, String signatureBase64)
String	toString()
String	toStringWithPrivate() Produce a string rendering of the ECKey INCLUDING the private key.
boolean	verify(byte[] data, byte[] signature) Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key.
static boolean	verify(byte[] data, byte[] signature, byte[] pub) Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key.
boolean	verify(byte[] sigHash, ECKey.ECDSASignature signature) Verifies the given R/S pair (signature) against a hash using the public key.
static boolean	verify(byte[] data, ECKey.ECDSASignature signature, byte[] pub) Verifies the given ECDSA signature against the message bytes using the public key bytes.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

CURVE

public static final org.spongycastle.crypto.params.ECDomainParameters CURVE

The parameters of the secp256k1 curve.

CURVE_SPEC

public static final org.spongycastle.jce.spec.ECParameterSpec CURVE_SPEC

HALF_CURVE_ORDER

public static final BigInteger HALF_CURVE_ORDER

Equal to CURVE.getN().shiftRight(1), used for canonicalising the S value of a signature. ECDSA signatures are mutable in the sense that for a given (R, S) pair, then both (R, S) and (R, N - S mod N) are valid signatures. Canonical signatures are those where 1 <= S <= N/2

See https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki #Low_S_values_in_signatures

pub

protected final org.spongycastle.math.ec.ECPoint pub

Constructor Detail

ECKey

public ECKey()

Generates an entirely new keypair.

BouncyCastle will be used as the Java Security Provider

ECKey

public ECKey(Provider provider,
             SecureRandom secureRandom)

Generate a new keypair using the given Java Security Provider.

All private key operations will use the provider.

ECKey

public ECKey(SecureRandom secureRandom)

Generates an entirely new keypair with the given SecureRandom object.

BouncyCastle will be used as the Java Security Provider

Parameters:

secureRandom - -

ECKey

public ECKey(Provider provider,
             @Nullable
             PrivateKey privKey,
             org.spongycastle.math.ec.ECPoint pub)

Pair a private key with a public EC point.

All private key operations will use the provider.

ECKey

public ECKey(@Nullable
             BigInteger priv,
             org.spongycastle.math.ec.ECPoint pub)

Pair a private key integer with a public EC point

BouncyCastle will be used as the Java Security Provider

Method Detail

compressPoint

public static org.spongycastle.math.ec.ECPoint compressPoint(org.spongycastle.math.ec.ECPoint uncompressed)

Deprecated. per-point compression property will be removed in Bouncy Castle

Utility for compressing an elliptic curve point. Returns the same point if it's already compressed. See the ECKey class docs for a discussion of point compression.

Parameters:

uncompressed - -

Returns:

-

decompressPoint

public static org.spongycastle.math.ec.ECPoint decompressPoint(org.spongycastle.math.ec.ECPoint compressed)

Deprecated. per-point compression property will be removed in Bouncy Castle

Utility for decompressing an elliptic curve point. Returns the same point if it's already compressed. See the ECKey class docs for a discussion of point compression.

Parameters:

compressed - -

Returns:

-

fromPrivate

public static ECKey fromPrivate(BigInteger privKey)

Creates an ECKey given the private key only.

Parameters:

privKey - -

Returns:

-

fromPrivate

public static ECKey fromPrivate(byte[] privKeyBytes)

Creates an ECKey given the private key only.

Parameters:

privKeyBytes - -

Returns:

-

fromPrivateAndPrecalculatedPublic

public static ECKey fromPrivateAndPrecalculatedPublic(BigInteger priv,
                                                      org.spongycastle.math.ec.ECPoint pub)

Creates an ECKey that simply trusts the caller to ensure that point is really the result of multiplying the generator point by the private key. This is used to speed things up when you know you have the right values already. The compression state of pub will be preserved.

Parameters:

priv - -

pub - -

Returns:

-

fromPrivateAndPrecalculatedPublic

public static ECKey fromPrivateAndPrecalculatedPublic(byte[] priv,
                                                      byte[] pub)

Creates an ECKey that simply trusts the caller to ensure that point is really the result of multiplying the generator point by the private key. This is used to speed things up when you know you have the right values already. The compression state of the point will be preserved.

Parameters:

priv - -

pub - -

Returns:

-

fromPublicOnly

public static ECKey fromPublicOnly(org.spongycastle.math.ec.ECPoint pub)

Creates an ECKey that cannot be used for signing, only verifying signatures, from the given point. The compression state of pub will be preserved.

Parameters:

pub - -

Returns:

-

fromPublicOnly

public static ECKey fromPublicOnly(byte[] pub)

Creates an ECKey that cannot be used for signing, only verifying signatures, from the given encoded point. The compression state of pub will be preserved.

Parameters:

pub - -

Returns:

-

publicKeyFromPrivate

public static byte[] publicKeyFromPrivate(BigInteger privKey,
                                          boolean compressed)

Returns public key bytes from the given private key. To convert a byte array into a BigInteger, use new BigInteger(1, bytes);

Parameters:

privKey - -

compressed - -

Returns:

-

computeAddress

public static byte[] computeAddress(byte[] pubBytes)

Compute an address from an encoded public key.

Parameters:

pubBytes - an encoded (uncompressed) public key

Returns:

21-byte address

computeAddress

public static byte[] computeAddress(org.spongycastle.math.ec.ECPoint pubPoint)

Compute an address from a public point.

Parameters:

pubPoint - a public point

Returns:

21-byte address

pubBytesWithoutFormat

public static byte[] pubBytesWithoutFormat(org.spongycastle.math.ec.ECPoint pubPoint)

Compute the encoded X, Y coordinates of a public point.

This is the encoded public key without the leading byte.

Parameters:

pubPoint - a public point

Returns:

64-byte X,Y point pair

fromNodeId

public static ECKey fromNodeId(byte[] nodeId)

Recover the public key from an encoded node id.

Parameters:

nodeId - a 64-byte X,Y point pair

signatureToKeyBytes

public static byte[] signatureToKeyBytes(byte[] messageHash,
                                         String signatureBase64)
                                  throws SignatureException

Throws:

SignatureException

signatureToKeyBytes

public static byte[] signatureToKeyBytes(byte[] messageHash,
                                         ECKey.ECDSASignature sig)
                                  throws SignatureException

Throws:

SignatureException

signatureToAddress

public static byte[] signatureToAddress(byte[] messageHash,
                                        String signatureBase64)
                                 throws SignatureException

Compute the address of the key that signed the given signature.

Parameters:

messageHash - 32-byte hash of message

signatureBase64 - Base-64 encoded signature

Returns:

20-byte address

Throws:

SignatureException

signatureToAddress

public static byte[] signatureToAddress(byte[] messageHash,
                                        ECKey.ECDSASignature sig)
                                 throws SignatureException

Compute the address of the key that signed the given signature.

Parameters:

messageHash - 32-byte hash of message

sig - -

Returns:

20-byte address

Throws:

SignatureException

signatureToKey

public static ECKey signatureToKey(byte[] messageHash,
                                   String signatureBase64)
                            throws SignatureException

Compute the key that signed the given signature.

Parameters:

messageHash - 32-byte hash of message

signatureBase64 - Base-64 encoded signature

Returns:

ECKey

Throws:

SignatureException

signatureToKey

public static ECKey signatureToKey(byte[] messageHash,
                                   ECKey.ECDSASignature sig)
                            throws SignatureException

Compute the key that signed the given signature.

Parameters:

messageHash - 32-byte hash of message

sig - -

Returns:

ECKey

Throws:

SignatureException

verify

public static boolean verify(byte[] data,
                             ECKey.ECDSASignature signature,
                             byte[] pub)

Verifies the given ECDSA signature against the message bytes using the public key bytes.

When using native ECDSA verification, data must be 32 bytes, and no element may be larger than 520 bytes.

Parameters:

data - Hash of the data to verify.

signature - signature.

pub - The public key bytes to use.

Returns:

-

verify

public static boolean verify(byte[] data,
                             byte[] signature,
                             byte[] pub)

Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key.

Parameters:

data - Hash of the data to verify.

signature - signature.

pub - The public key bytes to use.

Returns:

-

isPubKeyCanonical

public static boolean isPubKeyCanonical(byte[] pubkey)

Returns true if the given pubkey is canonical, i.e. the correct length taking into account compression.

Parameters:

pubkey - -

Returns:

-

recoverPubBytesFromSignature

@Nullable
public static byte[] recoverPubBytesFromSignature(int recId,
                                                             ECKey.ECDSASignature sig,
                                                             byte[] messageHash)

Given the components of a signature and a selector value, recover and return the public key that generated the signature according to the algorithm in SEC1v2 section 4.1.6.

The recId is an index from 0 to 3 which indicates which of the 4 possible allKeys is the correct one. Because the key recovery operation yields multiple potential allKeys, the correct key must either be stored alongside the signature, or you must be willing to try each recId in turn until you find one that outputs the key you are expecting.

If this method returns null it means recovery was not possible and recId should be iterated.

Given the above two points, a correct usage of this method is inside a for loop from 0 to 3, and if the output is null OR a key that is not the one you expect, you try again with the next recId.

Parameters:

recId - Which possible key to recover.

sig - the R and S components of the signature, wrapped.

messageHash - Hash of the data that was signed.

Returns:

65-byte encoded public key

recoverAddressFromSignature

@Nullable
public static byte[] recoverAddressFromSignature(int recId,
                                                            ECKey.ECDSASignature sig,
                                                            byte[] messageHash)

Parameters:

recId - Which possible key to recover.

sig - the R and S components of the signature, wrapped.

messageHash - Hash of the data that was signed.

Returns:

20-byte address

recoverFromSignature

@Nullable
public static ECKey recoverFromSignature(int recId,
                                                    ECKey.ECDSASignature sig,
                                                    byte[] messageHash)

Parameters:

recId - Which possible key to recover.

sig - the R and S components of the signature, wrapped.

messageHash - Hash of the data that was signed.

Returns:

ECKey

decompress

public ECKey decompress()

Deprecated. per-point compression property will be removed in Bouncy Castle

Returns a copy of this key, but with the public point represented in uncompressed form. Normally you would never need this: it's for specialised scenarios or when backwards compatibility in encoded form is necessary.

Returns:

-

compress

public ECKey compress()

Deprecated. per-point compression property will be removed in Bouncy Castle

isPubKeyOnly

public boolean isPubKeyOnly()

Returns true if this key doesn't have access to private key bytes. This may be because it was never given any private key bytes to begin with (a watching key).

Returns:

-

hasPrivKey

public boolean hasPrivKey()

Returns true if this key has access to private key bytes. Does the opposite of isPubKeyOnly().

Returns:

-

getAddress

public byte[] getAddress()

Gets the address form of the public key.

Returns:

20-byte address

getNodeId

public byte[] getNodeId()

Generates the NodeID based on this key, that is the public key without first format byte

getPubKey

public byte[] getPubKey()

Gets the encoded public key value.

Returns:

65-byte encoded public key

getPubKeyPoint

public org.spongycastle.math.ec.ECPoint getPubKeyPoint()

Gets the public key in the form of an elliptic curve point object from Bouncy Castle.

Returns:

-

getPrivKey

public BigInteger getPrivKey()

Gets the private key in the form of an integer field element. The public key is derived by performing EC point addition this number of times (i.e. point multiplying).

Returns:

-

Throws:

IllegalStateException - if the private key bytes are not available.

isCompressed

public boolean isCompressed()

Returns whether this key is using the compressed form or not. Compressed pubkeys are only 33 bytes, not 64.

Returns:

-

toString

public String toString()

Overrides:

toString in class Object

toStringWithPrivate

public String toStringWithPrivate()

Produce a string rendering of the ECKey INCLUDING the private key. Unless you absolutely need the private key it is better for security reasons to just use toString().

Returns:

-

doSign

public ECKey.ECDSASignature doSign(byte[] input)

Signs the given hash and returns the R and S components as BigIntegers and putData them in ECDSASignature

Parameters:

input - to sign

Returns:

ECDSASignature signature that contains the R and S components

sign

public ECKey.ECDSASignature sign(byte[] messageHash)

Takes the keccak hash (32 bytes) of data and returns the ECDSA signature

Parameters:

messageHash - -

Returns:

-

Throws:

IllegalStateException - if this ECKey does not have the private part.

keyAgreement

public BigInteger keyAgreement(org.spongycastle.math.ec.ECPoint otherParty)

decryptAES

public byte[] decryptAES(byte[] cipher)

Deprecated. should not use EC private scalar value as an AES key

Decrypt cipher by AES in SIC(also know as CTR) mode

Parameters:

cipher - -proper cipher

Returns:

decrypted cipher, equal length to the cipher.

verify

public boolean verify(byte[] data,
                      byte[] signature)

Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key.

Parameters:

data - Hash of the data to verify.

signature - signature.

Returns:

-

verify

public boolean verify(byte[] sigHash,
                      ECKey.ECDSASignature signature)

Verifies the given R/S pair (signature) against a hash using the public key.

Parameters:

sigHash - -

signature - -

Returns:

-

isPubKeyCanonical

public boolean isPubKeyCanonical()

Returns true if this pubkey is canonical, i.e. the correct length taking into account compression.

Returns:

-

getPrivKeyBytes

@Nullable
public byte[] getPrivKeyBytes()

Returns a 32 byte array containing the private key, or null if the key is encrypted or public only

Returns:

-

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object