Matching sec256k1 keys in JS and PHP

Question

I'm having trouble with uniting the ionux/phactor PHP library, and the indutny/elliptic JS library.

One library is being used at a LAMP server, the other via Nodejs at Amazon Lambda.

I generate one key pair with the PHP library; sign sha256 hash data and save results as JSON output.

$ec = KeyManager::instance()->getECKeysByHash($k = '122e43fd75dd0492a259146ab5dfd5c6');

return $response = [
    'source' => [
        'message' => $m = 'asd',
        'hash' => $h = hash('sha256', $m),
        'hash_signed' => $ec->sign($h),
     ],
     'ec' => [
        'key' => $k,
        'keys' => config(KeyManager::EC_DIR_NAME.'.'.$k)
     ]

];

Outputs:

{  
   "source":{  
      "message":"asd",
      "hash":"688787d8ff144c502c7f5cffaafe2cc588d86079f9de88304c26b0cb99ce91c6",
      "hash_signed":"30460221009a8c0c55ddc3ab3dc3b1e944a92c94fb215b7ed8ac332d398a6acb9d543a5d06022100e87f295c537fb2d14a52476e56b4c3a214be97e421510cbb46cb2059bed342bf"
   },
   "ec":{  
      "key":"122e43fd75dd0492a259146ab5dfd5c6",
      "keys":{  
         "private_key_hex":"0xde1a1c2734cc1e65b46946cfeb7cad28e48e8efbce5e36d859a4aa06ca9bb3f8",
         "private_key_dec":"100459584715065215111848758376288522810407133161466091883119287856242863354872",
         "public_key":"043876c88178bb7e386bbdb6325e201ec8e0e1ab75fc6c7713ed04051e029cb94b9d01c3b6aee0e6c5c92d7456f16667b08b4121526e97f5c704a19f7e9b3cd6c",
         "public_key_compressed":"023876c88178bb7e386bbdb6325e201ec8e0e1ab75fc6c7713ed04051e029cb94b",
         "public_key_x":"3876c88178bb7e386bbdb6325e201ec8e0e1ab75fc6c7713ed04051e029cb94b",
         "public_key_y":"9d01c3b6aee0e6c5c92d7456f16667b08b4121526e97f5c704a19f7e9b3cd6c"
      }
   }
};

I saved the output to a JS variable tests, and trying to check if the hash generated on the PHP side, equals the JS algorithm in this way:

var ecc = new EC('secp256k1');
var my_hash_word_array = CryptoJS.SHA256(tests.source.message);
var my_hash = my_hash_word_array.toString();

console.log('hash equals:',tests.source.hash == my_hash);

I can that in this case it's equal!

Now, I want to check if the generated PHP side signature tests.source.hash_signed (from tests.source.hash) relates to the known public key using JS:

var key = ecc.keyFromPublic(tests.ec.keys.public_key_compressed, 'hex'); // <<< problem line
console.log('signOk:', key.verify(my_hash, tests.source.hash_signed));

The result is "signOk: false", why? What am I doing wrong?

Answer 1

I've spent quite some time trying to track this down, and I'm pretty sure your issue has to do with the key encoding:

var key = ecc.keyFromPublic(tests.ec.keys.public_key_compressed, 'hex');

This line is apparently looking for a Hexadecimal encoded key.

Looking at your loaded values:

"public_key_compressed":"023876c88178bb7e386bbdb6325e201ec8e0e1ab75fc6c7713ed04051e029cb94b",

public_key_compressed is not in Hexadecimal encoding (hint: doesn't start with "0x")

You should make sure to encode this value as Hexadecimal and try again.