[RESOLVED] VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty
Hey gang,
Welcome to Episode 3 of "Backflip codes the world's first and last blockchain in VB6."
With only a surface level understanding of many areas of crypto, there's a learning curve (heh) for me at this step. I'm not sure how to associate public and private keys together with a "mathematical relationship" and tie that into Alice authenticating that Bob has access to the private key associated with his public key.
Good News: I believe this is one of the final areas for me to nail down before I can program and deploy the VB6 blockchain. I think it'll run on Vista to WS2019 or so, and might actually end up being pretty fast. I'm a junkie for speed optimization.
Update: I'm going to see how far I manage to get with this and will report back tomorrow.
I'm not sure if there are any solid examples of Capicom doing exactly this. i.e. Generating Keypairs, Signing Messages and then Authenticating Signed Messages, but if I am able to make one I will drop it in this thread. If not, I may have questions and maybe more $20 BTC bounties
Last edited by backflip; Sep 19th, 2019 at 02:10 PM.
Re: Generating Keypairs, Signing and Authenticating Signed Digital Signatures in VB6
The Chilkat library you linked to is a commercial library. Their pricing & redistribution terms are very reasonable, but there is still a cost. I'm still not 100% sure if you want to write everything yourself in VB6 or if you are willing to use paid/other third-party libraries in your project? If you are open to using paid/third-party libraries, I have a license for the Chilkat bundle so I can give it a try to see if I can get things working.
Re: Generating Keypairs, Signing and Authenticating Signed Digital Signatures in VB6
I don't know what those keys and signatures need to be so I'm not sure whether this helps. I haven't had to revisit it seriously in a long time so the details are murky right now too: RSA Data Signing via CNG.
By working with the APIs instead of wrappers like CAPICOM you do more work but you also get finer control if required.
Re: Generating Keypairs, Signing and Authenticating Signed Digital Signatures in VB6
Originally Posted by jpbro
The Chilkat library you linked to is a commercial library. Their pricing & redistribution terms are very reasonable, but there is still a cost. I'm still not 100% sure if you want to write everything yourself in VB6 or if you are willing to use paid/other third-party libraries in your project? If you are open to using paid/third-party libraries, I have a license for the Chilkat bundle so I can give it a try to see if I can get things working.
Yeah if it works, it works. I'm open to paid or other third party libraries. Zero percent chance I can code anything crypto from the ground up. Terrible at cryptography, mediocre at VB6. But I am good at web emulation programming, speed optimization, arrays, etc. Once I knock out the crypto I think I'll be off to the races and developing unique features very quickly.
Originally Posted by dilettante
I don't know what those keys and signatures need to be so I'm not sure whether this helps. I haven't had to revisit it seriously in a long time so the details are murky right now too: RSA Data Signing via CNG.
By working with the APIs instead of wrappers like CAPICOM you do more work but you also get finer control if required.
Yeah. As I said before I'll work with anything that works consistently and is up to SHA256 standards. With proper key generation. But at the same time I just want to proof of concept this thing and tune it up later by reprogramming it ground up.
Originally Posted by couttsj
When looking at third party solutions, keep in mind that the only thing considered secure these days is TLS 1.2 or better.
J.A. Coutts
Yeah I'm apparently trying to use secp256r1 from within Chilkat.
##########################################
Aaanyway,
I need to figure out how to create and retrieve 64 character sha256 hashes.
I've been experimenting with Chilkat features. I think I'm almost there.
I need to use them for digital signatures primarily; e.g. Bob signs a digital signature with his private key and signals it to the blockchain network, they form consensus that Bob does own the private key, based on being able to decrypt his message with his public key, allowing miners or network operators to positively ID the client.
Number 2 is what I'm most interested in since I am working on a blockchain. Number 3 is in a close second because it appears to allow me to convert keys to .xml and then to 64chr hex. I'd like to replicate this and have it work in tandem with everything else I need to do, e.g. digital signatures etc.
I think I'm able to turn .pem into SHA256 HEX with the following code for the private key, but I'm not sure if it loses its mathematical relationship with the public key, that I'm apparently not sure how to also produce as 64chr HEX for that is mathematically associated and usable for cryptographically signing data.
Proof of private key ownership in practice, meaning keypairs are mathematically linked to prove that one person owns both, seems like something I'll need to figure out with a foundation that I understand better. That foundation appears to be.. basic cryptography in VB6 with Chilkat.
As of now it's only a matter of generating secp256r1 SHA256 keypairs or whatever that are returned in Hex rather than "---PUBLIC KEY STARTING HERE--" huffin and puffin around.
tl;dr coding a blockchain, not sure how to make chilkat reliably produce ecc/secp256k1/sha256/whatever keypairs in hex, nor am I sure if digital signatures that prove ownership of a public key's private key by working with traditional hex keypairs as seen with Bitcoin
So, at a brick wall.
This seems to be the biggest hurdle. Last one, probably.
Here's some code and source.
Code:
Private Sub cmdGenPvt_Click()
'activate
cActivate
'entropy
Dim Fortuna As New ChilkatPrng
Dim sEntropy As String
sEntropy = Fortuna.GetEntropy(32, "base64")
Dim lSuccess As Long
lSuccess = Fortuna.AddEntropy(sEntropy, "base64")
'load ecc
Dim ecc As New ChilkatEcc
'generate random private key on the bitcoin curve
Dim privKey As PrivateKey
Set privKey = ecc.GenEccKey("secp256r1", Fortuna)
If (ecc.LastMethodSuccess = 0) Then
Debug.Print ecc.LastErrorText
Exit Sub
End If
'save private key pkcs8 encrypted pem file
lSuccess = privKey.SavePkcs8EncryptedPemFile("blockchain", "d:\crypto\privatekey.txt")
If (lSuccess <> 1) Then
Debug.Print privKey.LastErrorText
End If
'extract the public key
Dim pubKey As publicKey
Set pubKey = privKey.GetPublicKey()
' Save the public key to a PEM file.
' (The public key can be saved in a variety of different formats. See the online reference documentation.)
' For ECC keys, the 1st argument (bPreferPkcs1) is ignored and unused.
Dim bPreferPkcs1 As Long
bPreferPkcs1 = 0
lSuccess = pubKey.SavePemFile(bPreferPkcs1, "d:\crypto\publickey.txt")
'set textboxes
txtPrivateKey.Text = FileText("d:\crypto\privatekey.txt")
txtPublicKey.Text = FileText("d:\crypto\publickey.txt")
'display private key in hex
Dim asn As New ChilkatAsn
lSuccess = asn.LoadEncoded(privKey.GetPkcs1ENC("base64"), "base64")
If (lSuccess <> 1) Then
Debug.Print asn.LastErrorText
Exit Sub
End If
Dim xml As New ChilkatXml
lSuccess = xml.LoadXml(asn.AsnToXml())
Debug.Print xml.GetXml()
' The 32-byte private key is in the octets..
' Get it as hex.
Dim crypt As New ChilkatCrypt2
Dim privKeyHex As String
privKeyHex = crypt.ReEncode(xml.GetChildContent("octets"), "base64", "hex")
txtPrivateKey.Text = privKeyHex
'display public key in hex?
Dim asn2 As New ChilkatAsn
lSuccess = asn2.LoadEncoded(pubKey.GetPkcs1ENC("base64"), "base64")
If (lSuccess <> 1) Then
Debug.Print asn2.LastErrorText
Exit Sub
End If
Dim xml2 As New ChilkatXml
lSuccess = xml2.LoadXml(asn2.AsnToXml())
Debug.Print xml2.GetXml()
' The 32-byte private key is in the octets..
' Get it as hex.
Dim crypt2 As New ChilkatCrypt2
Dim pubKeyHex As String
pubKeyHex = crypt.ReEncode(xml2.GetChildContent("octets"), "base64", "hex")
'txtPublicKey.Text = pubKeyHex
End Sub
It's 10AM and I'm still awake so pardon any scatterbrained delivery. I even had a dream about public key cryptography the other night. This thing is getting programmed whether I kinda suck at VB6 and definitely suck at crypto or not.
I've updated the thread to contain another $25 BTC bounty. I know it isn't much but I appreciate the time you guys spend helping others. I always learn here.
It is using the 32bit Chilkat .dll if anyone wants to take a look. `cActivate` in `Form_Load` calls a module that is attached in the .zip at the bottom, but is just unlock Chilkat's 30 day demo.
Dim glob As New ChilkatGlobal
Dim success As Long
success = glob.UnlockBundle("*")
If I happen to get this working all in order it's something I'll purchase.
and I'm so overdue for this type of knowledge. I've just never needed to program with it before.
But the foundation is laid, sloppily, and I do think will be tied up into a nice interface with surprising performance metrics in the world of blockchain. Eventually.
I've been running a bunch of experiments. I'm definitely committed to finishing this thing with a lot of bells and whistles that blockchain hasn't seen. I don't think it's the most impressive technology out there but I definitely think there should be demos of alternate economic models, account recovery procedures and a handful of useful applications.
Here's just the keypair generator, the most recent of my toiling about. It is referenced in the source and screen shot above.
I don't care what type of code is used, third party or not, as long as hex sha256 hashes are able to be used to verify ownership of public keys.
I can't find any extremely simple examples with easy to use functions with documentation, based on my ability to interpret, that allows for this specific task gracefully.
Last edited by backflip; Sep 17th, 2019 at 09:30 AM.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Chilkat has a bunch of methods suffixed with "ENC", and these methods let you specify an encoding such as "hex". So for example, instead of saving your private and public keys to a file then loading then back and trying to convert them to hex, you can use the GetPkcs8ENC or GetPkcs8ENC methods.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Originally Posted by jpbro
Chilkat has a bunch of methods suffixed with "ENC", and these methods let you specify an encoding such as "hex". So for example, instead of saving your private and public keys to a file then loading then back and trying to convert them to hex, you can use the GetPkcs8ENC or GetPkcs8ENC methods.
For the public key
Me.txtPublicKey.Text = pubKey.GetPkcs8ENC("hex")
Code:
I'm still digesting the rest of your post to see if I can help with the digital signing + verification stuff.
Well this appears to make it a heck of a lot more uniform. Thank you.
txtPrivateKey.Text = privKey.GetPkcs8EncryptedENC("hex", "") ' Hex encoding, i removed the password that was "blockchain" because idk if it needs to be here
txtPublicKey.Text = pubKey.GetPkcs8ENC("hex")
I just don't know why they aren't 64 digits like a regular sha256 or how to get them there.
Encoding itself much less cryptography are two areas i almost never encounter. I'm a learn as I need to and as I go programmer. This may be illustrated by my having used VB6 almost exclusively, and relatively infrequently, for the past 15+ years. But like many here I see few reasons to switch languages anyhow. That said, if we assume VB6-chain is to be embraced by the masses and become the 1 in 5,000 cryptocurrency that is loved by all (this is sarcasm) and it may need to be ported to a lower level language to better accommodate its zealous irrational fanfare. One can dream.
Last edited by backflip; Sep 17th, 2019 at 10:10 AM.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
I use Chilkat at work and its been good for over a year. Its definitely worth the money. You dont want to be reinventing the wheel and risk creating issues.
They have several examples on their site and do provide support, if you have actually purchased the library
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Originally Posted by RobDog888
I use Chilkat at work and its been good for over a year. Its definitely worth the money. You dont want to be reinventing the wheel and risk creating issues.
They have several examples on their site and do provide support, if you have actually purchased the library
+1 to the Chilkat recommendation. It's a great bundle for a reasonable price and the support has always been excellent when I've needed it.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Just noticed a bug in the demo code I provided. In the cmdVerifyString_Click() event, the code for loading the public key should be changed to this:
Code:
If lo_PublicKey.LoadFromBinary(lo_PublicKeyBd.GetBinary) <> 1 Then Err.Raise vbObjectError, , "Could not load public key!" ' Load public key binary data
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Originally Posted by RobDog888
I use Chilkat at work and its been good for over a year. Its definitely worth the money. You dont want to be reinventing the wheel and risk creating issues.
They have several examples on their site and do provide support, if you have actually purchased the library
It seems to have a lot of features that streamline things that could otherwise be challenging or perhaps downright impossible.
Originally Posted by jpbro
Just noticed a bug in the demo code I provided. In the cmdVerifyString_Click() event, the code for loading the public key should be changed to this:
Code:
If lo_PublicKey.LoadFromBinary(lo_PublicKeyBd.GetBinary) <> 1 Then Err.Raise vbObjectError, , "Could not load public key!" ' Load public key binary data
Thanks! This looks promising! Though when starting a fresh instance of the program and pasting the private and public keys into their respective textboxes, e.g.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
I think the problem is that your bundle isn't unlocked properly. Try changing your code in the "keypair" module to this:
Code:
Option Explicit
Private glob As New ChilkatGlobal ' Put this at the module level instead of the procedure level to keep it alive for the duration of your program
Public Sub cActivate()
Dim success As Long
success = glob.UnlockBundle("*")
If success <> 1 Then MsgBox "Could not unlock Chilkat bundle!"
End Sub
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Originally Posted by jpbro
I think the problem is that your bundle isn't unlocked properly. Try changing your code in the "keypair" module to this:
Code:
Option Explicit
Private glob As New ChilkatGlobal ' Put this at the module level instead of the procedure level to keep it alive for the duration of your program
Public Sub cActivate()
Dim success As Long
success = glob.UnlockBundle("*")
If success <> 1 Then MsgBox "Could not unlock Chilkat bundle!"
End Sub
Thanks. Tried that, didn't seem to change anything.
The steps to reproduce are
1. click "generate keypair"
2. click "sign string"
3. click "verify string"
4. copy private key to notepad
5. copy public key to notepad
6. restart keypair generator
7. paste the private and public keys into the textboxes
8. attempt to sign or verify a string
So as it stands I don't appear to be able to sign and verify strings unless the keypairs are generated inside of the program during the session that it is running.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Ok weird, I just tried your steps and it is working fine for me here. If you change the line where you test for an empty hash to the following, can you copy & paste the text that appears in the debug window here?
Code:
If LenB(l_HashToSign) = 0 Then
Debug.Print lo_Crypt.LastErrorText
Err.Raise vbObjectError, , "Could not hash data!"
End If
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Originally Posted by jpbro
Ok weird, I just tried your steps and it is working fine for me here. If you change the line where you test for an empty hash to the following, can you copy & paste the text that appears in the debug window here?
Code:
If LenB(l_HashToSign) = 0 Then
Debug.Print lo_Crypt.LastErrorText
Err.Raise vbObjectError, , "Could not hash data!"
End If
You're right
Code:
ChilkatLog:
HashStringENC:
DllDate: Jul 24 2019
ChilkatVersion: 9.5.0.79
UnlockPrefix: NONE
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
The Chilkat API is not unlocked, make sure to call UnlockBundle first. (The UnlockBundle method belongs to the Chilkat.Global class, which may be named CkGlobal, CkoGlobal, etc depending on the programming language.)
--HashStringENC
--ChilkatLog
Adding ".UnlockComponent ("*")" did the trick. Not sure why the module code didn't take care of it.
Code:
Set lo_Crypt = New Chilkat_v9_5_0.ChilkatCrypt2
With lo_Crypt
.EncodingMode = "hex"
.HashAlgorithm = "sha256"
.UnlockComponent ("*")
End With
However now when I paste keypairs back into the textboxes, after a restart of the program, sign and then verify* a message it returns "Not verified!"
Last edited by backflip; Sep 18th, 2019 at 07:09 AM.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
I'll try to knock up an example with better error checking/reporting shortly...Not sure what's going on there since I've tried the same steps multiple times and everything seems to be working, but a fuller example might find the bugs.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Originally Posted by jpbro
I'll try to knock up an example with better error checking/reporting shortly...Not sure what's going on there since I've tried the same steps multiple times and everything seems to be working, but a fuller example might find the bugs.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Here's an updated version of the demo with better error checking and new features (such as a salted hash to ensure the message hash is always different, as well as the ability to verify the message as well as the signature).
If you get any error messages the Chilkat log should be printed to the debug window, so copy & paste that information here along with the error message you see for review.
Some things to try:
Click Generate Keypair, then click Generate Message Signature to sign the message in the text box below. Click Generate Message Signature multiple times and notice that the signature changes each time.
Click the Copy button below the private key box and then paste it into notepad, then click the Clear button to clear the private key. Click the Generate Message Signature button when the private key is cleared, and notice that you will no longer be able to sign the message without a private key.
Click the Verify Message and Signature button and you should see a message that everything is OK. Hooray
Change either the message or the signature by adding/removing characters and then click Verify Message and Signature again and you should receive a message that the message or signature could not be verified and should not be trusted.
Restore the message or signature back to it's valid state, then click the Copy button below the public key and paste it into notepad. Click the Clear button below the public key box and then click Verify Message and Signature - it should fail because you no longer have the public key. Click Generate Keypair again to get a new private & public keypair, then clik Verify Message and Signature again. It should fail because you have the wrong public key for the signature now.
Hope that all works and I hope the comments make it clear as to what the program is doing, but let me know if you have any questions or encounter any issues.
Re: VB6 Blockchain Public Key Crypto & Digital Signatures & _ $25 BTC Bounty When Sol
Originally Posted by jpbro
Here's an updated version of the demo with better error checking and new features (such as a salted hash to ensure the message hash is always different, as well as the ability to verify the message as well as the signature).
If you get any error messages the Chilkat log should be printed to the debug window, so copy & paste that information here along with the error message you see for review.
Some things to try:
Click Generate Keypair, then click Generate Message Signature to sign the message in the text box below. Click Generate Message Signature multiple times and notice that the signature changes each time.
Click the Copy button below the private key box and then paste it into notepad, then click the Clear button to clear the private key. Click the Generate Message Signature button when the private key is cleared, and notice that you will no longer be able to sign the message without a private key.
Click the Verify Message and Signature button and you should see a message that everything is OK. Hooray
Change either the message or the signature by adding/removing characters and then click Verify Message and Signature again and you should receive a message that the message or signature could not be verified and should not be trusted.
Restore the message or signature back to it's valid state, then click the Copy button below the public key and paste it into notepad. Click the Clear button below the public key box and then click Verify Message and Signature - it should fail because you no longer have the public key. Click Generate Keypair again to get a new private & public keypair, then clik Verify Message and Signature again. It should fail because you have the wrong public key for the signature now.
Hope that all works and I hope the comments make it clear as to what the program is doing, but let me know if you have any questions or encounter any issues.
Thank you. Please DM me a good BTC address. This looks like it may be enough for me to play with and incorporate into a functioning POC. If not I'll be back !
Edit: I'll be back regardless, if not regularly active. I think this might end up being a pretty unique project for us VB classic guys to bask in. Could be a good +1 for VB6 in 2019. People put too much emphasis on programming languages. If it works it works.
Last edited by backflip; Sep 19th, 2019 at 02:14 PM.