Skip to content

Comments

fix: derive ECDSA public key from private key correctly#6

Open
script3r wants to merge 1 commit intorishabhyadavv:mainfrom
script3r:feature/ecdsa-bug
Open

fix: derive ECDSA public key from private key correctly#6
script3r wants to merge 1 commit intorishabhyadavv:mainfrom
script3r:feature/ecdsa-bug

Conversation

@script3r
Copy link

@script3r script3r commented Jan 13, 2026

Bug

getPublicECDSAKey on Android was generating a random key pair instead of deriving the public key from the provided private key:

val keyPairGenerator = KeyPairGenerator.getInstance("EC")
keyPairGenerator.initialize(ecParameterSpec)
val keyPair = keyPairGenerator.genKeyPair()  // Bug: generates random keys

This meant every call returned a different random public key, breaking signature verification.

Fix

Replaced with proper EC point multiplication (Q = d × G) using the double-and-add algorithm to derive the public key deterministically from the private key scalar.

Also added JUnit test dependencies and a unit test to verify the fix.

@script3r @claude
fix: derive ECDSA public key from private key correctly
2b48ed7 
The getPublicECDSAKey function was generating a random key pair instead
of deriving the public key from the provided private key. This meant
every call returned a different random public key.

Fixed by implementing proper EC point multiplication (Q = d × G) using
the double-and-add algorithm to derive the public key deterministically.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@script3r