Why are these Botan public keys so similar?

https://stackoverflow.com/questions/14198775

13-01-2022
|

Question

I am using Botan to create public/private ECDSA keypairs. The public keys that are generated (even on different machines using this code) are very similar... too similar to consider safe I would think. Here is an example of two runs:

I am using X509 encoding to encode the public key. Here's the code to generate the ECDSA keys:

LibraryInitializer init;
AutoSeeded_RNG rng;
EC_Group ecGroup("secp256k1");
ECDSA_PrivateKey key(rng, ecGroup);

Why am I generating such similar public keys? And am I right in assuming that isn't "safe" if multiple users were to use this code to generate their own keys?

UPDATE: The answer below seems correct. I emailed the creator of XCA, Christian Hohnstaedt, to probe a little further into how XCA generates this public key and what it is. He replied that it is the EC_POINT and is obtained by using the command

openssl ec -pubin -noout -text

Plugging in the X509 PEM encoded public keys indeed reveals different public EC Points. It should be noted (for other newbs like me) that the public EC Points in the answer do no good for another party on their own - the other party needs to know which EC Group is being used, and that's why the X509 PEM encoding is much more helpful than just an EC Point.

Solution

The actual public keys from these are:

02:77:83:04:A9:B8:B9:B2:9B:BF:48:71:83:38:64:87
4A:00:23:C5:8A:15:3B:35:1F:3F:D0:AB:29:7A:AB:1C
C3

and

02:D4:2B:E4:13:D3:D3:8A:64:FD:1A:2B:EA:E2:06:46
A1:0A:78:1F:1D:C0:8B:5E:47:CA:7F:AF:E3:65:EE:1A
A5

These are not the same, so there is no apparent reason to worry on that front. The data that is the same is the key meta-data and encoding bumf (which you would expect to be the same for identical format keys).

Values obtained by importing into xca (linux). There are better tools for inspecting DER encoded data, but I couldn't find any easily.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow