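#!/usr/bin/php
<?php

# ECDSA over NIST P-384 with SHA-384: create a private key, round-trip it
# through DER, sign a short message, then verify the signature against a
# public key rebuilt from its affine coordinates.
#
# NOTE(review): the listing this script was recovered from had lost everything
# between the shebang and `generator384();` (the opening tag, the autoloader,
# the imports and the definitions of $adapter and $generator). The prologue
# below is reconstructed from the names the script uses. The autoloader path
# is an assumed Composer default, not taken from the original; adjust it.
require __DIR__ . '/vendor/autoload.php';

use Mdanter\Ecc\Crypto\Key\PublicKey;
use Mdanter\Ecc\Crypto\Signature\Signer;
use Mdanter\Ecc\Crypto\Signature\SignHasher;
use Mdanter\Ecc\EccFactory;
use Mdanter\Ecc\Math\GmpMath;
use Mdanter\Ecc\Primitives\Point;
use Mdanter\Ecc\Random\RandomGeneratorFactory;
use Mdanter\Ecc\Serializer\PrivateKey\DerPrivateKeySerializer;

$adapter = EccFactory::getAdapter();
$generator = EccFactory::getNistCurves()->generator384();

$useDerandomizedSignatures = true;
$algorithm = 'sha384';

$derSerializer = new DerPrivateKeySerializer($adapter);

## Generate a key and serialize it to DER.
$private = $generator->createPrivateKey();

# Demonstration output only: this writes the private scalar to stdout, where
# it can end up in terminal scrollback, CI logs or shell redirections. Drop
# this line in anything that handles a real key.
echo "privkey: " . $private->getSecret() . PHP_EOL;

# The DER blob is unencrypted private key material; treat it like the secret.
$der = $derSerializer->serialize($private);

# $math is only needed by the optional hex dumps below.
$math = new GmpMath();
// echo bin2hex($math->intToString($private->getSecret())) . PHP_EOL;
// echo bin2hex($der) . PHP_EOL;

## In real use you restore the key from stored DER instead of generating one.
$key = $derSerializer->parse($der);

$document = 'I am writing today...';

# Signer and verifier must hash with the same algorithm; it is fixed above.
$hasher = new SignHasher($algorithm, $adapter);
$hash = $hasher->makeHash($document, $generator);

echo "message: $document" . PHP_EOL;
echo "hash: $hash" . PHP_EOL;

# Derandomized signatures are not required, but they avoid the risk of a
# low-entropy RNG producing the same k for two different messages. Reusing k
# under one key lets anyone holding both signatures recover the private key.
# The HMAC generator derives k from the private key and the message hash, so
# k is deterministic for a given (key, message) pair.
if ($useDerandomizedSignatures) {
    $random = RandomGeneratorFactory::getHmacRandomGenerator($key, $hash, $algorithm);
} else {
    # This path depends entirely on the quality of the system RNG.
    $random = RandomGeneratorFactory::getRandomGenerator();
}

# k is as sensitive as the private key: never log it and never reuse it.
$randomK = $random->generate($generator->getOrder());

$signer = new Signer($adapter);
$signature = $signer->sign($key, $hash, $randomK);

# Optional: emit the signature DER-encoded and base64-wrapped. This needs the
# library's DerSignatureSerializer imported first.
# $serializer = new DerSignatureSerializer();
# $serializedSig = $serializer->serialize($signature);
# echo base64_encode($serializedSig) . PHP_EOL;

echo "signature: r=" . $signature->getR() . " s=" . $signature->getS() . PHP_EOL;

$pubkey = $key->getPublicKey();
$x = $pubkey->getPoint()->getX();
$y = $pubkey->getPoint()->getY();

echo "public key: x=" . $x . " y=" . $y . PHP_EOL;

# Rebuild the public key from bare coordinates, as a verifier holding only
# (x, y) would. NOTE(review): if the coordinates come from an untrusted party,
# confirm that the library rejects points that are not on the curve before
# relying on the verification result.
$publickey = new PublicKey(
    $adapter,
    $generator,
    new Point($adapter, EccFactory::getNistCurves()->curve384(), $x, $y)
);

echo "signature check " . ($signer->verify($publickey, $signature, $hash) ? "passed" : "failed") . PHP_EOL;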