Friday, 3 November 2017

Use VBA to shell OpenSSL console commands

I've got to ask a long and involved StackOverflow question and paste a load of code but first I'll paste it here and use this as a drafting board.

The use case is using OpenSSL on a Linux server to sign a license (plain text) file with a 384 bit Elliptic Curve Digital Server Algorithm (ECDSA), the verification of the digital signature takes place on a customer's Windows desktop OS running full (Windows) .NET Framework.

The license file and a Base 64 encoded digital signature are emailed to the customer (who is not on a shared corporate network).  The customer is running a C# written .NET Framework (Windows edition) application and verification of the the licence and digital signature unlocks paid-for features.

Now, I say Linux but the example server side code given below is not yet in a Linux scripting language.  I'm prototyping with VBA running on Windows 8, eventually I will convert over to a Linux scripting language but bear with me for the time being. 

The point is I am using OpenSSL console commands and not compiling against any OpenSSL software development kit (C++ headers etc.).

One tricky part (and perhaps is the best place to begin code review) is the digging out of the X and Y co-ordinates that form the public key from the DER file. A DER key file is a binary encoded file that uses Abstract Syntax Notation (ASN1), there are free GUI programs out there such as ASN1. Editor on the Code Project that allows easy inspection, here is a screenshot of a public key file

Luckily, OpenSSL has its own inbuilt ASN1 parser so the same details are written to the console as the following


C:\OpenSSL-Win64\bin\openssl.exe asn1parse -inform DER -in n:\ECDSA\2017-11-03T193106\ec_pubkey.der
    0:d=0  hl=2 l= 118 cons: SEQUENCE          
    2:d=1  hl=2 l=  16 cons: SEQUENCE          
    4:d=2  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
   13:d=2  hl=2 l=   5 prim: OBJECT            :secp384r1
   20:d=1  hl=2 l=  98 prim: BIT STRING        

So at offset 20 there are 98 bytes which contain the X and Y co-ordinates, at byte 20 is a tag (0x03) indicating a string is following and at byte 21 is the length, 98 (any length below 127 needs only one byte). So actually the real 98 bytes of data begin at byte 22 , so I read 100 bytes in total (98+2). At byte 22 is 0x00 which is how BIT STRINGS begin (see Point 5). At byte 23 is 0x04 which indicates that both X and Y follow which is known as uncompressed form (it is possible to give the X value and compute the Y in which case use 0x02 or 0x03). After the 0x04 comes the X and Y coordinates, 48 bytes each because 8 bits in a byte and 8*48=384.

So one digs out two (X & Y) very long hexadecimal numbers as strings. The next pain comes in creating the Xml file suitable for the C# code. The key class is C#'s ECDsaCng and the method to import is FromXmlString and it expected the file to implement standard Rfc4050. The Xml file that C#'s ECDsaCng imports requires X and Y to be in decimal and not hexadecimal so we have to write another function to convert, I translated from another language taken from another Stack Overflow question.

Here is the VBA code (there's quite a lot) and you'll need to change where it will write its working files. The two code blocks to run are EntryPoint1_RunECDSAKeyGenerationBatch_RunOnce and EntryPoint2_RunHashAndSignBatch

It should be taken as read that OpenSSL has been installed, my version is at C:\OpenSSL-Win64\



Option Explicit
Option Private Module

'******* Requires Tools->References to the following libraries
'* Microsoft ActiveX Data Objects 6.1 Library           C:\Program Files (x86)\Common Files\System\ado\msado15.dll
'* Microsoft Scripting Runtime                          C:\Windows\SysWOW64\scrrun.dll
'* Microsoft XML, v.6.0                                 C:\Windows\SysWOW64\msxml6.dll
'* Windows Script HostObject Model                      C:\Windows\SysWOW64\wshom.ocx
'* Microsoft VBScript Regular Expressions 5.5           C:\Windows\SysWOW64\vbscript.dll\3
'* Microsoft Script Control 1.0                         C:\Windows\SysWOW64\msscript.ocx

Private fso As New Scripting.FileSystemObject
Private Const sOPENSSL_BIN As String = "C:\OpenSSL-Win64\bin\openssl.exe"  '* installation for OpenSSL
Private msBatchDir As Variant '* hold over so we can sign multiple times

Private Property Get BatchDir() As String
    '* the point of this property procedure is to interpret the contents of
    '* the module level variable msBatchDir, which is a Variant and which
    '* when empty signals not yet set.  If not yet set then we return a default
    '* for testing convenience

    If IsEmpty(msBatchDir) Then
        '* place your favourite default here
        msBatchDir = "n:\ECDSA\2017-11-05T225657\"
    End If
    BatchDir = msBatchDir
End Property

Private Sub TestLoop()

    Dim l
    For l = 1 To 3
        EntryPoint1_RunECDSAKeyGenerationBatch_RunOnce
        EntryPoint2_RunHashAndSignBatch
    Next l

End Sub


'* KEY ENTRY POINT 1 OF 2
Private Sub EntryPoint1_RunECDSAKeyGenerationBatch_RunOnce()
    '* Notes:
    '* during development I felt it convenient to start afresh whilst
    '* experimenting with different flags.  The best way to start afresh I
    '* found was to give myself a new directory for each run
    '* so here you'll find we create a directory based on timestamp
    


    '* you'll need to change this and create your own folder
    Const sROOT_DIRECTORY As String = "n:\ECDSA\"
    
    '* create a timestamped and thus unique folder to do our work in
    msBatchDir = sROOT_DIRECTORY & Format(Now(), "yyyy-MM-ddTHHnnss")
    Debug.Print "Creating batch directory :" & msBatchDir
    
    '* zap anything previous (unlikely)
    If fso.FolderExists(msBatchDir) Then fso.DeleteFolder msBatchDir
    fso.CreateFolder msBatchDir
    
    Dim bReturn As Boolean
    bReturn = RunECDSAKeyGenerationBatch_RunOnce(msBatchDir)
    
    
End Sub

'* KEY ENTRY POINT 2 OF 2
Private Sub EntryPoint2_RunHashAndSignBatch()
    
    '* using the same folder as the license key creation logic
    Dim sBatchDir As String
    sBatchDir = BatchDir()
    
    Dim sSignableFile As String
    sSignableFile = fso.BuildPath(sBatchDir, "license.txt")
    
    
    
    '* we write a trivial 5 bytes to a file
    '* as a simple substitute for our license file
    Dim bReturn As Boolean
    
    If Not True Then
        bReturn = WriteStringToFile("Hello World", sSignableFile)
    
    Else
        Dim sRandomText As String
        sRandomText = RandomText2
        
        Debug.Print sRandomText
        bReturn = WriteStringToFile(sRandomText, sSignableFile)
    
    End If
    

    If bReturn Then
    
        '* we need a file to contain bothe private and public keys
        '* this will live on the server
        Dim sKeyFile As String
        sKeyFile = fso.BuildPath(sBatchDir, "ec_key.pem")
    
        '* we need a file that contains only the public keys
        '* so we can distribute to customers for digital
        '* signature verification
        Dim sPublicKeyFile As String
        sPublicKeyFile = fso.BuildPath(sBatchDir, "ec_pubkey.pem")
    
        '* hash file was for debugging, not stricly necessary
        Dim sHashFile As String
        sHashFile = fso.BuildPath(sBatchDir, "license.sha256")
    
        '* the binary version of the license signature
        '* this is an interim file because not good for emails
        Dim sSignatureFile As String
        sSignatureFile = fso.BuildPath(sBatchDir, "license.sig")
    
        '* this base 64 version of license.sig allows contents to be pasted into
        '* an email.
        Dim sSignatureFileBase64 As String
        sSignatureFileBase64 = fso.BuildPath(sBatchDir, "license.sigb64")
    
    
    
        bReturn = RunHashAndSignBatch(sKeyFile, sPublicKeyFile, sSignableFile, sHashFile, sSignatureFile, sSignatureFileBase64)
    
        Debug.Assert bReturn
        
        RunCSharp "", "", ""
        
    End If
End Sub

Private Function RandomText2() As String
    
    'http://www.randomtext.me/api/
    Dim oXHR As MSXML2.XMLHTTP60
    Set oXHR = New MSXML2.XMLHTTP60
    
    'oXHR.Open "GET", "http://www.randomtext.me/api/"
    oXHR.Open "GET", "http://www.randomtext.me/api/gibberish/p-5/25-45"
    '#
    oXHR.send
    
    Dim oParseJSON As Object
    Set oParseJSON = ParseJSON(oXHR.responseText)
    
    RandomText2 = VBA.CallByName(oParseJSON, "text_out", VbGet)
    
End Function

Function ParseJSON(ByVal sJSON As String) As Object

    '* Tools->References->Microsoft Script Control 1.0   (msscript.ocx)
    Static oScriptControl As MSScriptControl.ScriptControl
    If oScriptControl Is Nothing Then
        Set oScriptControl = New MSScriptControl.ScriptControl
        oScriptControl.Language = "javascript"
    End If
    
    Dim oParsed As Object
    Set ParseJSON = oScriptControl.Eval("(" & sJSON & ")")
End Function


Private Function RunECDSAKeyGenerationBatch_RunOnce(ByVal sBatchDir As String) As Boolean

    '* generates paths for all our files
    Dim sECDSA_KEYFILE As String
    sECDSA_KEYFILE = fso.BuildPath(sBatchDir, "ec_key.pem")
    
    '* this is a pretty print file for debugging where
    '* OpenSSL outputs in a hexadecimal
    Dim sECDSA_KEYFILE_Text As String
    sECDSA_KEYFILE_Text = fso.BuildPath(sBatchDir, "ec_key.txt")
    
    '* the PEM files is in a text format cut and pastable into an email
    Dim sECDSA_PublicKeyPemFile As String
    sECDSA_PublicKeyPemFile = fso.BuildPath(sBatchDir, "ec_pubkey.pem")
    
    '* the DER file is required for debugging verification on the server
    '* and not strictly required for production
    Dim sECDSA_PublicKeyDerFile As String
    sECDSA_PublicKeyDerFile = fso.BuildPath(sBatchDir, "ec_pubkey.der")
    
    '* generate the keys by calling shelling subroutine
    Dim bReturn As Boolean
    bReturn = OpenSSL_GenECDSAKeys(sECDSA_KEYFILE, sECDSA_PublicKeyDerFile, sECDSA_PublicKeyPemFile)

    If bReturn Then

        '* only for debugging do we output the private key in plain text
        If Len(Trim(sECDSA_KEYFILE_Text)) > 0 Then
            
            '* for debugging generate the text "pretty print"
            OpenSSL_PrettyPrintKey sECDSA_KEYFILE, sECDSA_KEYFILE_Text
        End If

        '* The ECDsaCng C# class has a FromXmlString import method
        '* which consumes an Xml file conforming to standard Rfc4050
        Dim sECDSA_XmlExport As String
        sECDSA_XmlExport = fso.BuildPath(sBatchDir, "ec_pubkey.xml")
        
        bReturn = ExportECDSAToXml(sECDSA_PublicKeyDerFile, sECDSA_XmlExport)


    End If
    RunECDSAKeyGenerationBatch_RunOnce = bReturn
End Function



Private Function RunHashAndSignBatch(ByVal sKeyFile As String, ByVal sPublicKeyFile As String, ByVal sSignableFile As String, _
                                    ByVal sHashFile As String, ByVal sSignatureFile As String, ByVal sSignatureFileBase64 As String) As Boolean
    
    '* the hash is for debugging, not strictly necessary
    Dim bReturn As Boolean
    bReturn = OpenSSL_Hash(sKeyFile, sSignableFile, sHashFile)
    

    If bReturn Then
        '* we really need the base64 signature so we can cut and paste
        '* contents into an email
        bReturn = OpenSSL_SignDigest(sKeyFile, sSignableFile, sSignatureFile, sSignatureFileBase64)
    
    
        If bReturn Then
            '* as a debugging/sanity check we verify the signature
            bReturn = OpenSSL_VerifySignature(sPublicKeyFile, sSignatureFile, sSignableFile)
        
        End If
    
    
    End If

    RunHashAndSignBatch = bReturn
End Function




Private Function OpenSSL_PrettyPrintKey(ByVal sEcdsaKeyFile As String, _
                                    ByVal sEcdsaPrettyPrintFile As String) As Boolean
                                    
    '* ordinarily OpenSSL spits out a binary file but if yopu want to inspect the contents
    '* in a text file viewer then use this routine to create a viewable file
    
    '* sample output ...
    
    'Private-Key: (384 bit)
    'priv:
    '    54:ba:af:0d:dd:65:15:96:c6:33:ad:c8:2e:b5:3f:
    '    d3:c4:80:59:d3:50:9d:81:71:ea:bd:49:b5:14:cc:
    '    6a:e2:d9:43:1f:48:d9:35:ec:00:fa:5d:71:be:7a:
    '    c6:0a:a7
    'pub:
    '    04:1b:aa:e5:53:22:cd:d0:d7:da:fd:da:35:46:5a:
    '    ed:d3:0c:b3:6c:04:ad:69:3a:a3:3e:3a:47:ea:1e:
    '    9a:ca:9d:5b:7a:7d:29:f3:84:bd:b2:df:d4:79:de:
    '    8e:e7:1b:68:b7:61:b7:32:54:78:ef:5f:9b:8c:4f:
    '    a3:73:50:cf:1b:90:7c:2e:cf:24:5e:aa:54:ad:19:
    '    82:b6:26:f3:86:df:b6:d4:4a:45:01:02:76:fc:44:
    '    86:58:ee:eb:6d:f3:db
    'ASN1 OID: secp384r1
    'NIST CURVE: P -384
                                    
                                    
                                    
    Debug.Assert fso.FileExists(sOPENSSL_BIN)
    Debug.Assert fso.FileExists(sEcdsaKeyFile)
    
    If fso.FileExists(sEcdsaPrettyPrintFile) Then fso.DeleteFile sEcdsaPrettyPrintFile
    Debug.Assert Not fso.FileExists(sEcdsaPrettyPrintFile)
    
    Dim sPrettyPrintKeyCmd As String
    sPrettyPrintKeyCmd = sOPENSSL_BIN & " ec -noout -text -in " & sEcdsaKeyFile & " -out " & sEcdsaPrettyPrintFile
    
    Dim ePrettyPrintKeyStatus As WshExecStatus, sPrettyPrintKeyStdOut As String, sPrettyPrintKeyStdErr As String
    ePrettyPrintKeyStatus = RunShellAndWait(sPrettyPrintKeyCmd, sPrettyPrintKeyStdOut, sPrettyPrintKeyStdErr)
    
    If ePrettyPrintKeyStatus = WshFailed Then
        Debug.Print sPrettyPrintKeyStdErr
    Else
        Debug.Print sPrettyPrintKeyStdOut
        Debug.Assert fso.FileExists(sEcdsaPrettyPrintFile)
        Debug.Print fso.OpenTextFile(sEcdsaPrettyPrintFile).ReadAll
        OpenSSL_PrettyPrintKey = True
    End If
        'Stop
    
    

End Function

'

Private Function RunCSharp(ByVal sEcdsaKeyFile As String, _
                                    ByVal sEcdsaPublicKeyDerFile As String, _
                                    ByVal sEcdsaPublicKeyPemFile As String) As Boolean

    '* this routine generates the key pair (private and public) file which resides on
    '* the server and also the public key only file (in two formats here for debugging)
    Const sCSHARP As String = "C:\Users\Simon\Documents\Visual Studio 2017\Projects\ECDSAVerifySignature\ECDSAVerifySignature\bin\Debug\ECDSAVerifySignature.exe"
    Debug.Assert fso.FileExists(sCSHARP)
    
    Dim sBatchDir As String
    sBatchDir = BatchDir()
    Debug.Assert fso.FolderExists(sBatchDir)

    Dim sWinFile As String
    sWinFile = fso.BuildPath(sBatchDir, "win.txt")
    
    If fso.FileExists(sWinFile) Then fso.DeleteFile sWinFile
    Debug.Assert Not fso.FileExists(sWinFile)

    Dim sCSharpCmd As String
    sCSharpCmd = sCSHARP & " " & sBatchDir

    Dim eCSharpStatus As WshExecStatus, sCSharpStdOut As String, sCSharpStdErr As String
    eCSharpStatus = RunShellAndWait(sCSharpCmd, sCSharpStdOut, sCSharpStdErr)
    
    If eCSharpStatus = WshFailed Then
        Debug.Print sCSharpStdErr
    Else
        Debug.Print sCSharpStdOut
        'Debug.Assert fso.FileExists(sWinFile)
    End If

End Function


Private Function OpenSSL_GenECDSAKeys(ByVal sEcdsaKeyFile As String, _
                                    ByVal sEcdsaPublicKeyDerFile As String, _
                                    ByVal sEcdsaPublicKeyPemFile As String) As Boolean

    '* this routine generates the key pair (private and public) file which resides on
    '* the server and also the public key only file (in two formats here for debugging)

    Debug.Assert fso.FileExists(sOPENSSL_BIN)

    If fso.FileExists(sEcdsaKeyFile) Then fso.DeleteFile sEcdsaKeyFile
    Debug.Assert Not fso.FileExists(sEcdsaKeyFile)

    Dim sGenKeyCmd As String
    sGenKeyCmd = sOPENSSL_BIN & " ecparam -genkey -name secp384r1 -out " & sEcdsaKeyFile

    Dim eGenKeyStatus As WshExecStatus, sGenKeyStdOut As String, sGenKeyStdErr As String
    eGenKeyStatus = RunShellAndWait(sGenKeyCmd, sGenKeyStdOut, sGenKeyStdErr)
    
    If eGenKeyStatus = WshFailed Then
        Debug.Print sGenKeyStdErr
    Else
        Debug.Print sGenKeyStdOut
        Debug.Assert fso.FileExists(sEcdsaKeyFile)
        'Stop
    
        If fso.FileExists(sEcdsaPublicKeyDerFile) Then fso.DeleteFile sEcdsaPublicKeyDerFile
        Debug.Assert Not fso.FileExists(sEcdsaPublicKeyDerFile)
    
        Dim sPublicKeyDerCmd As String
        sPublicKeyDerCmd = sOPENSSL_BIN & " ec -pubout -outform DER -in " & sEcdsaKeyFile & " -out " & sEcdsaPublicKeyDerFile
    
        Dim ePublicKeyDerStatus As WshExecStatus, sPublicKeyDerStdOut As String, sPublicKeyDerStdErr As String
        ePublicKeyDerStatus = RunShellAndWait(sPublicKeyDerCmd, sPublicKeyDerStdOut, sPublicKeyDerStdErr)
        Debug.Assert Len(Trim(sPublicKeyDerStdErr))
        Debug.Assert fso.FileExists(sEcdsaPublicKeyDerFile)
    
    
    
        Dim sPublicKeyPemCmd As String
        sPublicKeyPemCmd = sOPENSSL_BIN & " ec -pubout -outform PEM -in " & sEcdsaKeyFile & " -out " & sEcdsaPublicKeyPemFile
    
        Dim ePublicKeyPemStatus As WshExecStatus, sPublicKeyPemStdOut As String, sPublicKeyPemStdErr As String
        ePublicKeyPemStatus = RunShellAndWait(sPublicKeyPemCmd, sPublicKeyPemStdOut, sPublicKeyPemStdErr)
        Debug.Assert Len(Trim(sPublicKeyPemStdErr))
        Debug.Assert fso.FileExists(sEcdsaPublicKeyPemFile)
        
        If ePublicKeyPemStatus = WshFailed Then
            Debug.Print sPublicKeyPemStdErr
        Else
            Debug.Print sPublicKeyPemStdOut
            Debug.Assert fso.FileExists(sEcdsaPublicKeyDerFile)
            Debug.Assert fso.FileExists(sEcdsaPublicKeyPemFile)
            OpenSSL_GenECDSAKeys = True
        End If
    End If

End Function

Private Function OpenSSL_Hash(ByVal sEcdsaKeyFile As String, _
                                    ByVal sFileToSign As String, _
                                    ByVal sHashFile As String) As Boolean
    '* this generates a hash file, I needed this because I'm trying to diagnose
    '* a problem with some C# code which also hashes some bytes
                                    
    Debug.Assert fso.FileExists(sFileToSign)
    Debug.Assert fso.FileExists(sEcdsaKeyFile)
    Debug.Assert fso.FileExists(sOPENSSL_BIN)

    If fso.FileExists(sHashFile) Then fso.DeleteFile sHashFile
    Debug.Assert Not fso.FileExists(sHashFile)

    Dim sHashCmd As String
    sHashCmd = sOPENSSL_BIN & " dgst -sha256 -out " & sHashFile & " " & sFileToSign
    Dim eHashStatus As WshExecStatus, sHashStdOut As String, sHashStdErr As String
    eHashStatus = RunShellAndWait(sHashCmd, sHashStdOut, sHashStdErr)
    
    If eHashStatus = WshFailed Then
        Debug.Print sHashStdErr
    Else
    
        Debug.Print sHashStdOut
        Debug.Assert fso.FileExists(sHashFile)
        
        Debug.Print fso.OpenTextFile(sHashFile).ReadAll
        
        OpenSSL_Hash = True
        
    End If

End Function


Private Function OpenSSL_SignDigest(ByVal sEcdsaKeyFile As String, _
                                    ByVal sFileToSign As String, _
                                    ByVal sSignatureFile As String, _
                                    ByVal sSignatureFileBase64 As String) As Boolean

    '* this code takes a signable file, hashes it to a digest and then signs the digest
    '* further, it creates a base 64 version of the signature file the contents
    '* of which can be cut and pasted into an email.

    Debug.Assert fso.FileExists(sFileToSign)
    Debug.Assert fso.FileExists(sEcdsaKeyFile)
    Debug.Assert fso.FileExists(sOPENSSL_BIN)

    If fso.FileExists(sSignatureFile) Then fso.DeleteFile sSignatureFile
    Debug.Assert Not fso.FileExists(sSignatureFile)

    Dim sSignCmd As String
    sSignCmd = sOPENSSL_BIN & " dgst -sha256 -sign " & sEcdsaKeyFile & " -out " & sSignatureFile & " " & sFileToSign
    Dim eSignStatus As WshExecStatus, sSignStdOut As String, sSignStdErr As String
    eSignStatus = RunShellAndWait(sSignCmd, sSignStdOut, sSignStdErr)
    
    If eSignStatus = WshFailed Then
        Debug.Print sSignStdErr
    Else
        Debug.Print sSignStdOut
        Debug.Assert fso.FileExists(sSignatureFile)
        'OpenSSL_SignDigest = True
        
        Dim sEditedSignatureFile As String
        sEditedSignatureFile = VBA.Replace(sSignatureFile, ".sig", ".siged")
        
        ExtractSignatureFromDerFile sSignatureFile, sEditedSignatureFile
        Debug.Assert fso.FileExists(sEditedSignatureFile)
        
        Dim sBase64Cmd As String
        sBase64Cmd = sOPENSSL_BIN & " base64 -in " & sEditedSignatureFile & " -out " & sSignatureFileBase64

        Dim eBase64Status As WshExecStatus, sBase64StdOut As String, sBase64StdErr As String
        eBase64Status = RunShellAndWait(sBase64Cmd, sBase64StdOut, sBase64StdErr)

        If eBase64Status = WshFailed Then
            Debug.Print sBase64StdErr
        Else
            Debug.Print sBase64StdOut
            Debug.Assert fso.FileExists(sSignatureFileBase64)

            OpenSSL_SignDigest = True
        End If
        
    End If

End Function



Private Function OpenSSL_VerifySignature(ByVal sEcdsaKeyFile As String, _
                                        ByVal sSignatureFile As String, _
                                        ByVal sFileToSign As String) As Boolean
    '* this was for debugging only because I'm trying to diagnose a C#
    '* problem and was wondering if I was calling the OpenSSL commands wrong.
                                        
    Debug.Assert fso.FileExists(sSignatureFile)
    Debug.Assert fso.FileExists(sEcdsaKeyFile)
    Debug.Assert fso.FileExists(sFileToSign)
    
    
    Dim sVerifyCmd As String
    sVerifyCmd = sOPENSSL_BIN & " dgst -sha256 -verify " & sEcdsaKeyFile & " -signature " & sSignatureFile & " " & sFileToSign
    
    Dim eVerifyStatus As WshExecStatus, sVerifyStdOut As String, sVerifyStdErr As String
    eVerifyStatus = RunShellAndWait(sVerifyCmd, sVerifyStdOut, sVerifyStdErr)
    
    If StrComp(Left$(sVerifyStdOut, 11), "Verified OK") = 0 Then
        Debug.Print "Verification success"
    Else
        Debug.Print "Verification failed"
        Debug.Print "err:" & sVerifyStdErr
    End If
    
    OpenSSL_VerifySignature = True
    
End Function





Private Function RunShellAndWait(ByVal sCmdLine As String, _
                                ByRef psStdOut As String, _
                                ByRef psStdErr As String) As IWshRuntimeLibrary.WshExecStatus
    
    '* This is a better Shell routine than the in built VBA.Shell function as it allows up
    '* to easily capture the standard out and standard error pipes which is essential
    '* for console commands
    
    Static oShell As IWshRuntimeLibrary.WshShell
    If oShell Is Nothing Then
        Set oShell = New IWshRuntimeLibrary.WshShell
    End If
    
    Debug.Print sCmdLine
    Dim oExec As IWshRuntimeLibrary.WshExec
    Set oExec = oShell.Exec(sCmdLine)

    While oExec.Status = WshRunning
        DoEvents
    Wend
    
    psStdOut = oExec.StdOut.ReadAll
    psStdErr = oExec.StdErr.ReadAll

    RunShellAndWait = oExec.Status
    Set oExec = Nothing
End Function


Private Function RegExpOffsetAndLengthFromASN1Parse(ByVal sLine As String, ByRef plOffset As Long, ByRef plLength As Long) As Boolean

    '* use regular expressions to dig out numbers from ASN1 parse results
    '* if always using 384 bit then we always be 20 and 98
    '* but for future use we may use 512 bit or a change of curve etc.

    Dim oRE As VBScript_RegExp_55.RegExp
    Set oRE = New VBScript_RegExp_55.RegExp
    oRE.Pattern = "(\d.):d=1  hl=2 l=  (\d.) prim: BIT STRING"
    Debug.Assert oRE.Test("20:d=1  hl=2 l=  98 prim: BIT STRING")  '* should always be this but for future use ....
    
    Dim oMatchCol As VBScript_RegExp_55.MatchCollection
    Set oMatchCol = oRE.Execute(sLine)
    
    Dim oMatch As VBScript_RegExp_55.Match
    Set oMatch = oMatchCol.Item(0)
    
    plOffset = oMatch.SubMatches(0)
    plLength = oMatch.SubMatches(1)
    
    RegExpOffsetAndLengthFromASN1Parse = True
End Function


Private Sub TestExtractSignatureFromDerFile()
    Dim sSigFile As String
    sSigFile = "N:\ecdsa\2017-11-05T225657\license.sig"
    Debug.Assert fso.FileExists(sSigFile)
    
    Dim sSigFileEd As String
    sSigFileEd = "N:\ecdsa\2017-11-05T225657\license.siged"
    
    ExtractSignatureFromDerFile sSigFile, sSigFileEd

End Sub

Private Function ExtractSignatureFromDerFile(ByVal sSignatureFile As String, ByVal sEditedSignatureFile As String)

    Dim sASN1ParseSigCmd As String
    sASN1ParseSigCmd = sOPENSSL_BIN & " asn1parse -inform DER -in " & sSignatureFile

    Dim eASN1ParseSigStatus As WshExecStatus, sASN1ParseSigStdOut As String, sASN1ParseSigStdErr As String
    eASN1ParseSigStatus = RunShellAndWait(sASN1ParseSigCmd, sASN1ParseSigStdOut, sASN1ParseSigStdErr)
    Debug.Print sASN1ParseSigStdOut


    Dim vOutputSplit As Variant
    vOutputSplit = VBA.Split(sASN1ParseSigStdOut, vbNewLine)
    
    '* remove the traling blank line
    If Trim(vOutputSplit(UBound(vOutputSplit))) = "" Then ReDim Preserve vOutputSplit(0 To UBound(vOutputSplit) - 1)



    Dim lIntegerLoop As Long: lIntegerLoop = 0

    Dim alOffsets(0 To 1) As Long
    Dim alLengths(0 To 1) As Long
    Dim asIntegers(0 To 1) As String
    

    Dim lTotalBytes As Long: lTotalBytes = 0
    Dim vLoop As Variant
    For Each vLoop In vOutputSplit
        Dim sSigInt As String: sSigInt = vbNullString
        Dim lOffset As Long: lOffset = 0
        Dim lLength As Long: lLength = 0
        If RegExpSignatureInteger(vLoop, lOffset, lLength, sSigInt) Then
            
            alOffsets(lIntegerLoop) = lOffset
            alLengths(lIntegerLoop) = lLength
            asIntegers(lIntegerLoop) = sSigInt
            
            lTotalBytes = lTotalBytes + lLength
            
            lIntegerLoop = lIntegerLoop + 1
        End If
    Next vLoop
    
    Dim abytSig() As Byte
    Dim asSigHexs() As String  '* for debugging

    '* read in the whole file into a byte array
    ReadFileAsBytes sSignatureFile, abytSig
    
    '* for debugging create an array of hexadecimals
    ByteArrayToHexStringArray abytSig, asSigHexs
    
    For lIntegerLoop = 0 To 1
        fso.CreateTextFile fso.BuildPath(BatchDir(), lIntegerLoop & "_" & alLengths(lIntegerLoop))
        If alLengths(lIntegerLoop) = 49 Then
            
            '* silly null byte
            'Debug.Assert abytSig(3) = 0
            
            '* ignore the null byte
            alLengths(lIntegerLoop) = 48
            alOffsets(lIntegerLoop) = alOffsets(lIntegerLoop) + 1
        
        End If
    Next
    
    Dim abytInteger0() As Byte
    CopyArraySlice abytSig, alOffsets(0) + 2, alLengths(0), abytInteger0()
    
    Dim abytInteger1() As Byte
    CopyArraySlice abytSig, alOffsets(1) + 2, alLengths(1), abytInteger1()
    
    
    ReDim abytIntegers0And1(0 To alLengths(0) + alLengths(1) - 1) As Byte
    
    
    Dim lConcatByteLoop As Long: lConcatByteLoop = 0
    lIntegerLoop = 0
    For lIntegerLoop = 0 To 1
        Dim lByteLoop As Long
        For lByteLoop = 0 To alLengths(lIntegerLoop) - 1
            Dim byt As Byte
            If lIntegerLoop = 0 Then
                byt = abytInteger0(lByteLoop)
            Else
                byt = abytInteger1(lByteLoop)
            End If
        
            abytIntegers0And1(lConcatByteLoop) = byt
            lConcatByteLoop = lConcatByteLoop + 1
        Next lByteLoop
    
    Next lIntegerLoop
    
    'Dim lByteLoop As Long
    'for lByteLoop-
    
    'Stop
    
'    Dim bitString() As Byte
'    '* need extra 2 bytes because of leading type and length bytes
'    CopyArraySlice abytes, lOffset, lLength + 2, bitString()
'
'    '* some asserts which pin down structure of the bytes
'    Debug.Assert bitString(0) = 3  '* TAG for BIT STRING
'    Debug.Assert bitString(1) = lLength
'
    
    
    
    'Stop
    
    'Debug.Assert dicIntegers.Count = 2
    'sIntegers(0) = dicIntegers(dicIntegers.Keys()(0))
    'sIntegers(1) = dicIntegers(dicIntegers.Keys()(1))
    
    'Debug.Assert Len(sIntegers(0)) = Len(sIntegers(1))
    'Debug.Assert Len(sIntegers(0)) Mod 2 = 0
    
'    Dim lStringLen As Long
'    lStringLen = Len(sIntegers(0))
'
'    Dim lByteLen As Long
'    lByteLen = lStringLen / 2
'
'
'    ReDim byt(0 To lTotalBytes - 1) As Byte
'
'    Dim lIntegerLoop As Long
'    For lIntegerLoop = 0 To 1
'        Dim lCharLoop As Long
'        For lCharLoop = 0 To lByteLen - 1
'
'            Dim sChar2 As String
'            sChar2 = Mid$(sIntegers(lIntegerLoop), (lCharLoop * 2) + 1, 2)
'
'            Debug.Assert Len(sChar2) > 0
'
'            Dim bChar2 As Byte
'            bChar2 = Val("&h" & sChar2)
'
'            byt(lCharLoop + lIntegerLoop * lByteLen) = bChar2
'
'        Next lCharLoop
'    Next
    
    If fso.FileExists(sEditedSignatureFile) Then fso.DeleteFile sEditedSignatureFile
    SaveBytesAsFile sEditedSignatureFile, abytIntegers0And1()
    
    Debug.Assert fso.FileExists(sEditedSignatureFile)
    

End Function


Private Function RegExpSignatureInteger(ByVal sLine As String, ByRef plOffset As Long, ByRef plLength As Long, ByRef psSignatureInterger As String) As Boolean
    

    '* use regular expressions to dig out numbers from ASN1 parse results
    '* if always using 384 bit then we always be 20 and 98
    '* but for future use we may use 512 bit or a change of curve etc.

    Dim oRE As VBScript_RegExp_55.RegExp
    Set oRE = New VBScript_RegExp_55.RegExp
    oRE.Pattern = "^\s*(\d+):d=1  hl=2 l=  (\d+) prim: INTEGER\s*:(.+)"
    
    
    Debug.Assert oRE.Test("    2:d=1  hl=2 l=  49 prim: INTEGER           :ADFF05570D228E657E98F5455D1772F23224389641F9FA8DCC37B39816BE0C9F871BBABAF4F73ECDDB7BA6814502A85D")
    Debug.Assert oRE.Test("   53:d=1  hl=2 l=  49 prim: INTEGER           :83A977122AF40623AF0C1C64CDEA761E77C534FCA267F2DA6F340CE6AB371F8419464DCC38C5F41729EB421F384A72A1")
    Debug.Assert oRE.Test("    2:d=1  hl=2 l=  48 prim: INTEGER           :195848488FC6A5888D6433E5B714A45A515EE6CBF1B0C952EE35E51F6D678A2623170AE9DE2E0A29B7D47EDC8F95C264")
    Debug.Assert oRE.Test("   52:d=1  hl=2 l=  48 prim: INTEGER           :4789B87BFFC7AC24DA6A9223805EC25EDD6444B483689B2CDBA73056F939C0127228F2632A387BDF6AF93B9A3EAC548E")
    
    If oRE.Test(sLine) Then
    
        Dim oMatchCol As VBScript_RegExp_55.MatchCollection
        Set oMatchCol = oRE.Execute(sLine)
        
        Dim oMatch As VBScript_RegExp_55.Match
        Set oMatch = oMatchCol.Item(0)
        
        plOffset = oMatch.SubMatches(0)
        plLength = oMatch.SubMatches(1)
        psSignatureInterger = oMatch.SubMatches(2)
        
        
        RegExpSignatureInteger = True
    End If
End Function


Private Function ExportECDSAToXml(ByVal sPublicKeyFile As String, ByVal sXmlFile As String) As Boolean

    '* C#'s ECDsaCng class has a FromXmlString method which imports public key from a xml file Rfc4050
    '* In this subroutine we use OpenSSL's asn1parse command to determine where the X and Y coordinates
    '* are to be found, we dig them out and then markup an Xml file

    '* sample output
    
    '
    '  
    '    
    '  
    '  
    '    
    '    
    '  
    '


    Dim sASN1ParseCmd As String
    sASN1ParseCmd = sOPENSSL_BIN & " asn1parse -inform DER -in " & sPublicKeyFile

    Dim eASN1ParseStatus As WshExecStatus, sASN1ParseStdOut As String, sASN1ParseStdErr As String
    eASN1ParseStatus = RunShellAndWait(sASN1ParseCmd, sASN1ParseStdOut, sASN1ParseStdErr)
    Debug.Print sASN1ParseStdOut
    
    '* sample output from standard out pipe is given blow.
    '* we need to dig into the BIT STRING which is the final item
    '* we need offset and length which is always 20 and 98 for 384 bit ECDSA
    '* but I have written logic in case we want to upgrade to 512 or change of curve etc.
    '    0:d=0  hl=2 l= 118 cons: SEQUENCE
    '    2:d=1  hl=2 l=  16 cons: SEQUENCE
    '    4:d=2  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
    '   13:d=2  hl=2 l=   5 prim: OBJECT            :secp384r1
    '   20:d=1  hl=2 l=  98 prim: BIT STRING
    
    
    
    Dim vOutputSplit As Variant
    vOutputSplit = VBA.Split(sASN1ParseStdOut, vbNewLine)
    
    '* remove the traling blank line
    If Trim(vOutputSplit(UBound(vOutputSplit))) = "" Then ReDim Preserve vOutputSplit(0 To UBound(vOutputSplit) - 1)

    '* final line should be the long bit string, i.e. contain 'BIT STRING'
    Debug.Assert StrComp("BIT STRING", Right$(Trim(vOutputSplit(UBound(vOutputSplit))), 10)) = 0

    '* use regular expression to dig out offset and length
    Dim lOffset As Long, lLength As Long
    RegExpOffsetAndLengthFromASN1Parse Trim(vOutputSplit(UBound(vOutputSplit))), lOffset, lLength
    
    Dim abytes() As Byte
    Dim asHexs() As String  '* for debugging

    '* read in the whole file into a byte array
    ReadFileAsBytes sPublicKeyFile, abytes
    
    '* for debugging create an array of hexadecimals
    ByteArrayToHexStringArray abytes, asHexs
    
    
    Dim bitString() As Byte
    '* need extra 2 bytes because of leading type and length bytes
    CopyArraySlice abytes, lOffset, lLength + 2, bitString()
    
    '* some asserts which pin down structure of the bytes
    Debug.Assert bitString(0) = 3  '* TAG for BIT STRING
    Debug.Assert bitString(1) = lLength

    '* From Point 5 at http://certificate.fyicenter.com/2221_View_Website_Server_Certificate_in_Google_Chrome.html
    '* "ASN.1 BIT STRING value is stored with DER encoding as the value itself with an extra leading byte of 0x00. "
    Debug.Assert bitString(2) = 0
    
    '* 0x04 means by x and y values follow, i.e. uncompressed
    '* (instead of just one from which the other can be derived, leading with 0x02 or 0x03)
    '* https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm
    Debug.Assert bitString(3) = 4
    'Stop
    

    
    Dim x() As Byte
    Dim y() As Byte
    
    '* slice out the 48 bits for nopth x and y
    '* why 48?  because 48*8=384 bits(change for 512)
    CopyArraySlice bitString, 4, 48, x()
    CopyArraySlice bitString, 52, 48, y()
    
    '* convert bytes to hex string for x coord
    Dim sHexX As String
    sHexX = ByteArrayToHexString(x(), "")
    
    Debug.Print "sHexX:" & sHexX
    
    '* convert bytes to hex string for y coord
    Dim sHexY As String
    sHexY = ByteArrayToHexString(y(), "")
    
    Debug.Print "sHexY:" & sHexY
    
    '* convert hexadeciumal to plain decimal
    '* as Xml file requires it
    Dim sDecX As String
    sDecX = HexToDecimal(sHexX)
    
    Debug.Print "sDecX:" & sDecX
    
    '* convert hexadeciumal to plain decimal
    '* as Xml file requires it
    Dim sDecY As String
    sDecY = HexToDecimal(sHexY)
    
    Debug.Print "sDecY:" & sDecY
    
    
    '* create the xml file from a template
    Dim dom2 As MSXML2.DOMDocument60
    Set dom2 = New MSXML2.DOMDocument60
    dom2.LoadXML ECDSAXml(sDecX, sDecY)
    Debug.Assert dom2.parseError.ErrorCode = 0
    
    
    dom2.Save sXmlFile
    
    Debug.Print dom2.XML
    Set dom2 = Nothing
    
    
    Debug.Assert CreateObject("Scripting.FileSystemObject").FileExists(sXmlFile)
    

End Function

Private Function CopyArraySlice(ByRef abOriginal() As Byte, _
            ByVal lStart As Long, ByVal lLength As Long, ByRef abNewSlice() As Byte) As Boolean
            
    '* this copies a slice of an array of bytes to another
    '* caller declares the result array and this code re-dimensions it
            
    Debug.Assert lLength >= 1
    Debug.Assert lStart >= 0
    ReDim abNewSlice(0 To lLength - 1)

    Dim lLoop As Long
    For lLoop = 0 To lLength - 1
        Dim lLoop2 As Long
        lLoop2 = lLoop + lStart
    
        abNewSlice(lLoop) = abOriginal(lLoop2)
    Next lLoop
End Function


Private Function ReadFileAsBytes(ByVal sFile As String, ByRef abytes() As Byte)

    '* ActiveX Data Objects has a binary load to byte array feature ....

    Dim strm As ADODB.Stream
    Set strm = New ADODB.Stream
    With strm
        .Open
        .Type = adTypeBinary
        .LoadFromFile sFile
        abytes = .Read
        .Close
    End With
    Set strm = Nothing

End Function

Private Function SaveBytesAsFile(ByVal sFile As String, ByRef abytes() As Byte)

    Dim lFile As Long
    lFile = FreeFile
    
    Open sFile For Binary Access Write Lock Write As #lFile
    Put #lFile, , abytes()
    Close #lFile

'
'    Dim strm As ADODB.Stream
'    Set strm = New ADODB.Stream
'    With strm
'        .Open
'        .Type = adTypeBinary
'        .Write abytes
'        .SaveToFile sFile
'        '.LoadFromFile sFile
'        'abytes = .Read
'        .Close
'    End With
'    Set strm = Nothing
'
End Function


Private Function ByteArrayToHexStringArray(ByRef abytes() As Byte, ByRef asHexs() As String)
    '* used for debugging

    ReDim asHexs(LBound(abytes) To UBound(abytes))
    
    Dim lLoop As Long
    For lLoop = LBound(abytes) To UBound(abytes)
        asHexs(lLoop) = Hex$(abytes(lLoop))

    Next lLoop
End Function


Private Function ByteArrayToHexString(ByRef ab() As Byte, Optional sDelimiter As String = " ") As String
    '* used to create very long hex numbers as strings
    '* cryptography has long numbers for keys
    Dim sSegment As String
    sSegment = ""
    
    Dim lLoop As Long
    For lLoop = 0 To UBound(ab)
        sSegment = sSegment & sDelimiter & Right$("0" & Hex$(ab(lLoop)), 2)
    Next
    
    ByteArrayToHexString = Trim(sSegment)

End Function

Private Function HexToDecimal(ByVal sHex As String) As String
    '* takes a long hexadecimal number (as a string) and converts
    '* to a long decimal number (as a string)
    
    '* translated from StackOverflow answer
    '* https://stackoverflow.com/questions/16965915/convert-a-big-hex-number-string-format-to-a-decimal-number-string-format-w/46817799
    
    '* tested against websites such as
    '* http://www.statman.info/conversions/hexadecimal.php
    
    Dim dec() As Long
    ReDim dec(0 To 0) As Long
    
    Dim lCharLoop As Long
    For lCharLoop = 1 To Len(sHex)
        
        Dim char As String * 1
        char = Mid$(sHex, lCharLoop, 1)
        
        Dim carry As Long
        carry = Val("&h" & char)
        
        Dim i As Long
        For i = 0 To UBound(dec)
            Dim lVal As Long
            lVal = dec(i) * 16 + carry
            dec(i) = lVal Mod 10
            carry = lVal \ 10
        Next i
    
        While (carry > 0)
            ReDim Preserve dec(0 To UBound(dec) + 1) As Long
            dec(UBound(dec)) = carry Mod 10
            carry = carry \ 10
        Wend
    Next
    
    For lCharLoop = UBound(dec) To LBound(dec) Step -1
        Dim sDecimal As String
        sDecimal = sDecimal & Chr$(48 + dec(lCharLoop))
    
    Next
    
    HexToDecimal = sDecimal

End Function

Private Function ECDSAXml(ByVal sXValue As String, ByVal sYValue As String, Optional ByVal sCurveOid As String = "1.3.132.0.34") As String

    '* sample output
    
    '
    '  
    '    
    '  
    '  
    '    
    '    
    '  
    '

    Dim dom As MSXML2.DOMDocument60
    Set dom = New MSXML2.DOMDocument60
    dom.LoadXML "" & _
                "" & _
                "" & _
                "" & _
                "" & _
                "" & _
                ""
    Debug.Assert dom.parseError.ErrorCode = 0

    '* namespace selection glitch requires us to declare namespace prefix
    '* to use XPath even though original document does not
    dom.setProperty "SelectionNamespaces", "xmlns:ec=""http://www.w3.org/2001/04/xmldsig-more#"""
    
    
    Dim attrCurveId As MSXML2.IXMLDOMAttribute
    Set attrCurveId = dom.SelectSingleNode("ec:ECDSAKeyValue/ec:DomainParameters/ec:NamedCurve/@URN")
    Debug.Assert attrCurveId.Text = "urn:oid:" & sCurveOid  '  secp384r1 – {1.3.132.0.34}
    
    Dim attrXValue As MSXML2.IXMLDOMAttribute
    Set attrXValue = dom.SelectSingleNode("ec:ECDSAKeyValue/ec:PublicKey/ec:X/@Value")
    Debug.Assert Not attrXValue Is Nothing
    attrXValue.Text = sXValue
    
    Dim attrYValue As MSXML2.IXMLDOMAttribute
    Set attrYValue = dom.SelectSingleNode("ec:ECDSAKeyValue/ec:PublicKey/ec:Y/@Value")
    Debug.Assert Not attrYValue Is Nothing
    attrYValue.Text = sYValue
    
    
    ECDSAXml = PrettyPrintXml(dom)
    'ECDSAXml = dom.XML
End Function

Private Function PrettyPrintXml(ByVal dom As MSXML2.DOMDocument60) As String
    '* this routine inserts line breaks between elements

    Dim reader As MSXML2.SAXXMLReader60
    Set reader = New MSXML2.SAXXMLReader60
    
    Dim writer As MSXML2.MXXMLWriter60
    Set writer = New MSXML2.MXXMLWriter60
    writer.omitXMLDeclaration = True
    writer.indent = True
    
    Set reader.contentHandler = writer
    reader.Parse dom.XML
   
    PrettyPrintXml = writer.output
End Function


Private Function WriteStringToFile(ByVal sContents As String, ByVal sFileName As String) As Boolean
    '* this ought to be a one-liner but with so much other code
    '* I felt it necessary to break out so I can debug and check what is happening
    
    If fso.FileExists(sFileName) Then fso.DeleteFile sFileName
    
    Dim txtSignableContent As Scripting.TextStream
    Set txtSignableContent = fso.CreateTextFile(sFileName)
    txtSignableContent.Write sContents
    txtSignableContent.Close
    Set txtSignableContent = Nothing
    
    Debug.Assert fso.FileExists(sFileName)

    WriteStringToFile = True

End Function






Here is the output to the VBA immediate window which illustrates the console commands and the responses for running EntryPoint1_RunECDSAKeyGenerationBatch_RunOnce.


Creating batch directory :n:\ECDSA\2017-11-03T193106
C:\OpenSSL-Win64\bin\openssl.exe ecparam -genkey -name secp384r1 -out n:\ECDSA\2017-11-03T193106\ec_key.pem

C:\OpenSSL-Win64\bin\openssl.exe ec -pubout -outform DER -in n:\ECDSA\2017-11-03T193106\ec_key.pem -out n:\ECDSA\2017-11-03T193106\ec_pubkey.der
C:\OpenSSL-Win64\bin\openssl.exe ec -pubout -outform PEM -in n:\ECDSA\2017-11-03T193106\ec_key.pem -out n:\ECDSA\2017-11-03T193106\ec_pubkey.pem

C:\OpenSSL-Win64\bin\openssl.exe ec -noout -text -in n:\ECDSA\2017-11-03T193106\ec_key.pem -out n:\ECDSA\2017-11-03T193106\ec_key.txt

Private-Key: (384 bit)
priv:
    00:98:78:0d:c7:29:10:1c:9f:4d:75:b2:95:01:01:
    a9:d2:36:72:0d:77:6a:5c:57:8d:51:a0:53:27:05:
    9b:22:1c:c9:0a:1e:e1:27:06:92:c1:6c:2a:c4:bb:
    46:91:98:f6
pub: 
    04:bd:4a:38:04:69:d5:ba:fa:11:27:0f:a8:ef:70:
    3f:11:8d:e0:0f:e7:fd:26:ac:4d:40:32:7a:b5:9c:
    97:71:c1:80:72:1b:42:25:f8:a4:49:4d:8f:89:bf:
    1b:e9:6c:8c:f3:0b:02:db:89:b3:f7:92:e8:c4:a6:
    ce:04:88:10:51:cc:17:0b:b8:9c:9a:a6:3d:fd:ec:
    d4:99:c3:31:6b:22:1d:b6:41:fa:3c:0e:51:fe:86:
    67:bb:7e:86:ce:06:6c
ASN1 OID: secp384r1
NIST CURVE: P-384

C:\OpenSSL-Win64\bin\openssl.exe asn1parse -inform DER -in n:\ECDSA\2017-11-03T193106\ec_pubkey.der
    0:d=0  hl=2 l= 118 cons: SEQUENCE          
    2:d=1  hl=2 l=  16 cons: SEQUENCE          
    4:d=2  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
   13:d=2  hl=2 l=   5 prim: OBJECT            :secp384r1
   20:d=1  hl=2 l=  98 prim: BIT STRING        

sHexX:BD4A380469D5BAFA11270FA8EF703F118DE00FE7FD26AC4D40327AB59C9771C180721B4225F8A4494D8F89BF1BE96C8C
sHexY:F30B02DB89B3F792E8C4A6CE04881051CC170BB89C9AA63DFDECD499C3316B221DB641FA3C0E51FE8667BB7E86CE066C
sDecX:29134384736743232303148959866907873847020585008044539704341734517362687803911673703523083044584737202030832217844876
sDecY:37407743276271579329804703064876533532537408218368858949720169306023437854945515421210341789026319167790678153234028

    
        
    
    
        
        
    





Here is the VBA immediate window output for running EntryPoint2_RunHashAndSignBatch ...


C:\OpenSSL-Win64\bin\openssl.exe dgst -sha256 -out n:\ECDSA\2017-11-03T193106\license.sha256 n:\ECDSA\2017-11-03T193106\license.txt

SHA256(n:\ECDSA\2017-11-03T193106\license.txt)= 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969

C:\OpenSSL-Win64\bin\openssl.exe dgst -sha256 -sign n:\ECDSA\2017-11-03T193106\ec_key.pem -out n:\ECDSA\2017-11-03T193106\license.sig n:\ECDSA\2017-11-03T193106\license.txt

C:\OpenSSL-Win64\bin\openssl.exe base64 -in n:\ECDSA\2017-11-03T193106\license.sig -out n:\ECDSA\2017-11-03T193106\license.sigb64

C:\OpenSSL-Win64\bin\openssl.exe dgst -sha256 -verify n:\ECDSA\2017-11-03T193106\ec_pubkey.pem -signature n:\ECDSA\2017-11-03T193106\license.sig n:\ECDSA\2017-11-03T193106\license.txt
Verification success


Next we create a C# classic console application and paste in the following code to verify the digital signature remembering that the customer will be in receipt of a base64 version of the digital signature.


using System;
using System.IO;
using System.Security.Cryptography;
using System.Xml;

namespace ECDSAVerSig
{
    class Program
    {
        static Action feedback { get; set; }
        static byte[] fileContents = null;
        static byte[] signatureContents = null;

        static ECDsaCng client = null;
        static HashAlgorithm hashAlgo = new SHA256Managed();

        static String parentDirectory = null;

        static void Main(string[] args)
        {
            //* the following will be different for you!!!
            //* and will need to match what was output by the VBA script
            if (args.Length == 0)
            {
                parentDirectory = "n:\\ECDSA\\2017-11-06T212507\\";
            }
            else
            {
                parentDirectory = args[0];
            }
            feedback = Console.WriteLine; // Abstract away 


            if (Directory.Exists(parentDirectory))
            {


                feedback("Processing directory " + parentDirectory);

                if (LoadSignature())
                {
                    VerifySignature();
                }
            }
            else
            {
                feedback("#ERROR: directory '" + parentDirectory + "' does not exist!");
            }


        }



        static private Boolean VerifySignature()
        {
            try
            {
                // a byte array to store hash value
                byte[] hashedData = null;

                hashedData = hashAlgo.ComputeHash(fileContents);

                //* the following is consistently wrong though it is my best guess
                Boolean verified = client.VerifyHash(hashedData, signatureContents); //<-- Help required here StackOverflowers

                feedback("Verification:" + verified);

                if (verified)
                {
                    feedback("Hooray you got this 384 bit ECDSA code working! You absolute star!");
                    System.IO.File.Create(Path.Combine(parentDirectory, "win.txt"));
                }
                else
                {
                    feedback("Oh dear, still does not work.  Please keep twiddling.");
                    System.IO.File.Create(Path.Combine(parentDirectory, "lose.txt"));
                }

                return true;

            }
            catch (XmlException ex)
            {
                feedback("Problem with verification (Xml parse error):" + ex.ToString());
                return false;
            }
            catch (Exception ex)
            {
                feedback("Problem with verification :" + ex.ToString());
                return false;
            }
        }

        static private Boolean LoadSignature()
        {

            client = new ECDsaCng();
            try
            {

                System.Xml.XmlDocument dom = new System.Xml.XmlDocument();

                dom.Load(Path.Combine(parentDirectory, "ec_pubkey.xml"));

                string xml = dom.OuterXml;
                feedback(xml);
                client.FromXmlString(xml, ECKeyXmlFormat.Rfc4050);

                fileContents = System.IO.File.ReadAllBytes(Path.Combine(parentDirectory, "license.txt"));

                string base64SignatureContents = System.IO.File.ReadAllText(Path.Combine(parentDirectory, "license.sigB64"));
                signatureContents = Convert.FromBase64String(base64SignatureContents);


                byte[] hashedData = hashAlgo.ComputeHash(fileContents);


                return true;
            }
            catch (XmlException ex)
            {
                feedback("Problem with reading digital signature (Xml parse error):" + ex.ToString());
                return false;
            }

            catch (Exception ex)
            {
                feedback("Problem with reading digital signature:" + ex.ToString());
                return false;
            }
        }
    }
}

I have triple checked this code. I've made the license file a very short "Hello" and checked bytes and encoding. I do not know what next to do. Please assist. Thanks in advance

No comments:

Post a Comment