I was playing around with the ECDsaCng, and I realised that the key size doesn't seem to be correct. From the code below, the privateKey variable, for instance, was a 104-long byte array, whereas I didn't expect it to be larger than 32.

What am I doing wrong?

        // ECDSA over a 256-bit curve, SHA-256 as the signing hash
        ECDsaCng dsa = new ECDsaCng(256);
        dsa.HashAlgorithm = CngAlgorithm.Sha256;
        dsa.GenerateKey(ECCurve.NamedCurves.nistP256);
        // Export both halves of the key pair in CNG's ECC blob formats
        var privateKey = dsa.Key.Export(CngKeyBlobFormat.EccPrivateBlob);
        var publicKey = dsa.Key.Export(CngKeyBlobFormat.EccPublicBlob);

Thank you in advance.

Dominus
1 Answer

The private key d is a random integer in [1, n - 1], where n is the order of the base point G. The public key is the curve point (x, y) = d * G, here. For NIST P-256 (secp256r1) d, x and y are encoded to 32 bytes (the values cannot be larger).

MS stores both keys in a specific format described here. The format for the public key has an 8-byte header, followed by the 32-byte x-value and the 32-byte y-value, so that the total length is 72 bytes. The format for the private key has a (different) 8-byte header, followed by the 32-byte x-value, the 32-byte y-value, and the 32-byte d-value, so that the total length is 104 bytes, in accordance with the value you found. A detailed description of the headers can be found here.

Topaco
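The blob layout the answer describes, as an added example that is not part of the original question or answer and is not Microsoft's code: a pure-Python parser for the 72-byte public and 104-byte private BCRYPT_ECCKEY_BLOB, plus the checks a practitioner would run before trusting a blob that arrives from somewhere other than the local CNG provider (the point is on P-256, d is in [1, n-1], and d*G really equals the stored (x, y)). The 8-byte header (dwMagic, cbKey) and the magic values "ECS1"/"ECS2" are those defined in bcrypt.h for ECDSA P-256; the P-256 domain parameters are the standard NIST constants. The helper names, the sample scalar SAMPLE_D and the tampered blob are constructed for this example; the EC arithmetic is textbook affine double-and-add, meant for verification only, not for signing.

```python
"""Parse and sanity-check a CNG BCRYPT_ECCKEY_BLOB for NIST P-256 (pure Python 3.8+).

Layout (header fields little-endian, coordinates big-endian, per bcrypt.h):
    ULONG dwMagic (4)  "ECS1" = ECDSA P-256 public, "ECS2" = ECDSA P-256 private
    ULONG cbKey   (4)  byte length of one coordinate (32 for P-256)
    BYTE  X[cbKey], Y[cbKey]            -> 8 + 64 = 72-byte public blob
    BYTE  d[cbKey] (private blobs only) -> 8 + 96 = 104-byte private blob
"""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# NIST P-256 (secp256r1) domain parameters.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
COORD_LEN = 32
# bcrypt.h magic values: the ASCII tags "ECS1"/"ECS2" read as a little-endian ULONG.
ECDSA_PUBLIC_P256_MAGIC = 0x31534345
ECDSA_PRIVATE_P256_MAGIC = 0x32534345

Point = Optional[Tuple[int, int]]  # None is the point at infinity

def ec_add(p1: Point, p2: Point) -> Point:
    """Affine point addition on P-256 (not constant-time; for checking only)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P         # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k: int, point: Point) -> Point:
    """Double-and-add scalar multiplication k * point."""
    result: Point = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

@dataclass
class EccBlob:
    magic: int
    cb_key: int
    x: int
    y: int
    d: Optional[int]  # None for a public blob

def parse_ecc_blob(blob: bytes) -> EccBlob:
    """Split a BCRYPT_ECCKEY_BLOB into header fields and big-endian integers."""
    if len(blob) < 8:
        raise ValueError("shorter than the 8-byte BCRYPT_ECCKEY_BLOB header")
    magic, cb_key = struct.unpack_from("<II", blob, 0)
    if magic == ECDSA_PUBLIC_P256_MAGIC:
        fields = 2  # X, Y
    elif magic == ECDSA_PRIVATE_P256_MAGIC:
        fields = 3  # X, Y, d
    else:
        raise ValueError(f"unexpected dwMagic 0x{magic:08x}")
    if cb_key != COORD_LEN:
        raise ValueError(f"cbKey {cb_key} is not the P-256 coordinate size {COORD_LEN}")
    if len(blob) != 8 + fields * cb_key:
        raise ValueError(f"blob is {len(blob)} bytes, expected {8 + fields * cb_key}")
    ints = [int.from_bytes(blob[8 + i * cb_key:8 + (i + 1) * cb_key], "big") for i in range(fields)]
    return EccBlob(magic, cb_key, ints[0], ints[1], ints[2] if fields == 3 else None)

def validate_blob(blob: EccBlob) -> None:
    """Reject an off-curve point, an out-of-range d, or a d that does not give (x, y)."""
    if not (0 <= blob.x < P and 0 <= blob.y < P):
        raise ValueError("coordinate outside the field")
    if (blob.y * blob.y - (blob.x ** 3 + A * blob.x + B)) % P != 0:
        raise ValueError("public point is not on P-256")
    if blob.d is not None:
        if not 1 <= blob.d < N:
            raise ValueError("private scalar d is outside [1, n-1]")
        if ec_mul(blob.d, G) != (blob.x, blob.y):
            raise ValueError("d*G does not match the stored public point")

def check_blob(blob: bytes) -> bool:
    """True if the blob parses and passes validate_blob, False otherwise."""
    try:
        validate_blob(parse_ecc_blob(blob))
        return True
    except ValueError:
        return False

def build_private_blob(d: int) -> bytes:
    """Build the 104-byte ECS2 blob for scalar d (stand-in for ECDsaCng's export)."""
    x, y = ec_mul(d, G)
    return (struct.pack("<II", ECDSA_PRIVATE_P256_MAGIC, COORD_LEN)
            + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")
            + d.to_bytes(COORD_LEN, "big"))

def public_blob_from_private(private_blob: bytes) -> bytes:
    """Derive the 72-byte ECS1 blob: swap the magic, keep X and Y, drop d."""
    parsed = parse_ecc_blob(private_blob)
    return (struct.pack("<II", ECDSA_PUBLIC_P256_MAGIC, parsed.cb_key)
            + private_blob[8:8 + 2 * parsed.cb_key])

# Constructed sample scalar for the demo; not a real key.
SAMPLE_D = 0x1F2E3D4C5B6A79880123456789ABCDEF1F2E3D4C5B6A79880123456789ABCDEF

if __name__ == "__main__":
    priv = build_private_blob(SAMPLE_D)
    pub = public_blob_from_private(priv)
    print(len(priv), len(pub), check_blob(priv), check_blob(pub))  # 104 72 True True
    tampered = bytearray(priv)
    tampered[8 + COORD_LEN] ^= 0x01  # flip a bit in Y: the point leaves the curve
    print(check_blob(bytes(tampered)))  # False
```

Feeding the byte arrays from the question into parse_ecc_blob (for example after writing them to disk with File.WriteAllBytes) shows the same split: 8 header bytes, then X, Y and, for the private blob, d. The on-curve and d*G checks matter when a blob is imported from an untrusted source, since CNG's own export never produces an inconsistent blob but an attacker-supplied one can.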