In my application I need to work in secure mode.
I'm working with BF527-EZKIT LITE(comes with the authentiction Keys).
how do digitly sign my message ?
The process for signing a message is described within the README file of the VisualDSP++ EZ-Kit Lockbox example.
C:\Program Files\Analog Devices\VisualDSP 5.0\Blackfin\Examples\ADSP-BF527 EZ-KIT Lite\lockbox\lockbox_527_readme.txt
Please also take into consideration the warning notice within the EZ-Kit example README file:
WARNING: Please be aware that the digital signature utility provided is fordemonstration purposes only. It is not sufficiently secure for practicalpurposes. Please do not use the provided digital signature utility to generatedigital signatures for application in your product.
The format and requirements for keys used in the ADI implementation of Lockbox are also described in the Security Chapter of the Processor Hardware Reference Manual.
Please also note that there is an error in the README file which incorrectly lists the value of the EZ-Kit pre-programmed public key (tracked as TAR-41491):
The actual example project files have the correct value and work properly so this is just a documentation issue with the README file.
The Private Key value is correct in all cases.
The incorrect Public Key value is listed as follows:
The demonstration key pair used in the BF54x and BF52x EZ-Kits is:
Public Key: 369368AF243193D001E39CE76BB1D5DA08A9BC0A6 3307AB352338E5EA5C0E05A0C2531866F3E3C2702
The correct value should be listed as follows:
Public Key: 369368AF243193D001E39CE76BB1D5DA08A9BC0A6 15F7A90C841D4F1E1B005E70F167F6EF7CD2E251B
Thanks you for your answer?
Do I have to Develop my message/application into an overlays?
Why can't i write a simple secure function and sign it?
Is there any digial signature caculator suitable to the authentication process of the bf527 ?
Here are responses to your questions - I hope you find this information helpful...
Do I have to Develop my message/application into an overlays?Why can't i write a simple secure function and sign it?
No, you don't have to develop your application using overlays. The Lockbox examples that ship with VisualDSP++ demonstrate an overlay model and are currently the best resource to illustrate how to use Lockbox but you are not limited to this model.
Is there any digital signature calculator suitable to the authentication process of the bf527 ?
ADI does not currently provide a utility or libraries specifically for the purposes of key management.
I am including some links and info to help you with the tasks of key generation and code signing...
There are various resources available to generate keys suitable for use with the ADI implementation of Lockbox due to the fact that the implementation is based upon public standards (ECDSA).
These implementations are based on the Elliptic Curve Digital Signature Algorithm (ECDSA) specified in FIPS 186-2 with Change Notice 1 dated October 5, 2001, Digital Signature Standard (DSS), and specified in ANSI X9.62-1998.
SHA-1 is based on the publicly available standard for FIPS 180-2 (Secure Hash Signature Standard (SHS) (FIPS PUB 180-2).
ECDSA implementation on these Blackfin products only supports the Koblitz curve.
Examples of two resources for software which will help you to generate keys suitable for use with Lockbox are Shamus Software (Product: MIRACL libraries) and Elliptic Semi ((Product: ESS-02). Elliptic can also assist with security system design if needed.
Open source such as crypto++ is another option if you choose to explore it as well.
The critical factor in cryptographically robust key generation is your choice of a seed. It should be of sufficient length and maximum entropy. The key generation method ADI employs for demonstration purposes with our EZ-Kits is not sufficient to safeguard your assets as the 10 digit seed can be more easily broken than the ECDSA crypto of Lockbox. Furthermore, both the public and private keys used in the ADI EZ-Kits are made publicly available in our documentation and were never meant to be used to protect customer assets.
The published public and private key pair used in ADI EZ-Kits was generated using a 9 digit decimal input to seed a pseudo random number generator. This random number generator is NOT truly random. This random number generator is actually implemented as a Marsaglia & Zaman pseudo-random number generator (PRNG). Since there is a 1:1 relationship between the seed and the resulting "random" number, this exposes the private/public key to a brute-force attack by simply generating private/public keys for all 1 billion possible seed values and checking the resulting public keys until you find a match. This exposes the private key! This mehtod of key generation is not cryptographically robust nor is it intended to be and statements to this effect are included within our Tools and examples. It is only provided for demonstration purposes in order to facilitate the use of Lockbox features by our customers.
1) DO NOT USE a weak pseudo random number generator to generate a public/private key pairs for Blackfin Lockbox to be used for protecting valuable assets.
2) Ideally, I would advise you to use a true Hardware Random Number generator (HRNG) to create the private key. This means that you should NEVER be able to generate the same private key twice.
3) You should verify that the random number you chose for the private key is not possible to repeatably reproduce from whatever method you choose to use for your key generation.
I believe you can choose not to use pseudo random number generation routines in many of the resources/libs listed above and instead accept a seed from a true HRNG or a seed of your choosing with acceptable entropy suitable for your application.
The information on this page should be understood before use of any of these numbers:
The following are some of the sources of true random numbers:
Whatever the source of the data - It is critical to independently confirm that the data is truly random.
See http://www.random.org/statistics/ for some of these tests that should be duplicated on the data regardless of its source.
Finally - It is important to avoid random numbers that are easily generated or guessed:
i.e.,: lowest, middle and highest 1 Trillion numbers, binary, hex or decimal boundaries, over-represented, repeating or sequential sequenced digits, numbers that represent real items (telephone numbers, birthdays etc.)
Message was edited by: PhilG (Jan 12, 2010)
I see your email as following:
The utility, ecsgen, distributed for demonstration use as part of the VisualDSP++ Tools relies on a 9 digit decimal input to seed its internal random number generator.
But I can not find it in the Visual DSP tools. How to get it, and whether we have example to generate the Pubilc Key and Private Key.
I am FAE in Shanghai.
Thanks for help.
Actually, we do not distribute a demonstration key-generation utility with VisualDSP.
There are many key-generation libraries out there. Phil points to a couple of them. I would start there.
Also, please keep in mind - as Phil articulates very nicely in his post - the need for an appropriate random seed when generating the key pair.
I've edited the text of my reply above to remove references to 'ecsgen' as this was an internal test utility that is not cryptographically robust and not for public distribution. The point of my post was to advise customers that they should use robust random number generators to generate their own keys even though many libraries available for key generation purposes allow customers to use weak pseudo random number generators as seeds and this should be avoided.
Please refer to the 3rd parties cited in the post above for key generation tools, namely:
Examples of two resources for software which will help you to generate keys suitable for use with Lockbox are Shamus Software (Product: MIRACL libraries) and Elliptic Semi ((Product: ESS-02). Elliptic can also assist with security system design if needed. http://www.shamus.ie/ http://www.ellipticsemi.com/middleware_asymmetric.php
Retrieving data ...