Why do exported ECDSA keys look similar?

Question

I use this snippet to see private and public keys generated by DSA:

        byte[] publicKey, hash, signedHash;
        string strToSign = "Hello, world!";
        SHA512Managed shaComputer = new SHA512Managed();

        using (ECDsaCng dsaSigner = new ECDsaCng())
        {
            publicKey = dsaSigner.Key.Export(CngKeyBlobFormat.GenericPublicBlob);

            Console.WriteLine($"DSA public key: {TransformHash(publicKey)}");
            Console.WriteLine();

            byte[] privateKey = dsaSigner.Key.Export(CngKeyBlobFormat.GenericPrivateBlob);

            Console.WriteLine($"DSA private key: {TransformHash(privateKey)}");
            Console.WriteLine();
        }

But I see theese keys look very similar, because private key starts with public key:

Is that normal?

score 0 · Answer 1 · answered Sep 05 '18 at 21:50

"because private key starts with public key

I believe this is the case. This is documented for GenericPrivateBlob:

https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.cngkeyblobformat.genericprivateblob?redirectedfrom=MSDN&view=netframework-4.7.2

A generic private key BLOB can contain a private key of any type and does not necessarily contain the corresponding public key. The type of key that the BLOB contains can be determined only by examining the BLOB.

Emphasis mine, however in this case it does look like the public key is prepended before the private key.

Why do exported ECDSA keys look similar?

1 Answers1