Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for parsing ASN.1 ECDSA key pairs without the PKCS#8 metadata. #1456

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add support for parsing ASN.1 ECDSA key pairs without the PKCS#8 metadata. #1456

wants to merge 2 commits into from
+108 −1

Conversation

farcaller
Copy link

This adds support for EC PRIVATE KEY, i.e. non pkcs8-wrapped keys.

@farcaller farcaller mentioned this pull request Feb 4, 2022
Closed
This was referenced Feb 4, 2022
Closed
Merged
@ctz ctz mentioned this pull request Feb 6, 2022
Merged
@farcaller farcaller mentioned this pull request Mar 18, 2022
Closed
@farcaller
Copy link
Author

Tentative ping.

@YuJuncen YuJuncen mentioned this pull request Nov 10, 2022
Closed
@cpu cpu mentioned this pull request May 22, 2023
Closed
@cpu
Copy link
Contributor

cpu commented Oct 6, 2023

@briansmith Would you be open to this feature if it were rebased on main? We have a bit of a hack upstream in rustls patching over this and it might be nice to drop it one day.

@briansmith briansmith changed the title Add support for EC private keys Add support for parsing ASN.1 ECDSA key pairs without the PKCS#8 metadata. Oct 14, 2023
@briansmith
Copy link
Owner

@cpu Yes, I would. Would you do RSA and EdDSA too?

@farcaller
Copy link
Author

I don’t mind adding the others too. Let me see if I remember how it works, was a while since I touched this code.

@cpu
Copy link
Contributor

cpu commented Oct 14, 2023
edited
Loading

Great thank you both. Happy to support as appropriate.

@farcaller
Add Sec1 EC key support
207dd68 
Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>
@farcaller
Add a basic unit test that covers the valid use cases. Invalid cases …
2ee2344 
…are already covered by the pkcs#8 test.

Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>
@farcaller
Copy link
Author

@briansmith do you know any good producers of RSA keys? I thought ssh ones would fit but they are actually in a different format.

@briansmith
Copy link
Owner

@briansmith do you know any good producers of RSA keys? I thought ssh ones would fit but they are actually in a different format.

Does this work? https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b#extracting-an-rsa-public-key-from-the-private-key-without-the-subjectpublickeyinfo-metadata

@farcaller
Copy link
Author

Sorry, I was out of free cycles the previous week to follow up on this.

@briansmith do you mind those two being decoupled, given how rebase was pretty smooth? I think the ec keys can go forward straight on and unblock rustls, and I'll work on the RSA keys in a separate PR then.

@briansmith
Copy link
Owner

@farcaller I looked more into how Rustls is using the existing APIs. I think we should "just" refactor the ring PKCS#8 API so that it works more like what Rustls needs, to avoid Rustls needing to jump through hoops. Please see #1889.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ctz ctz ctz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@farcaller @cpu @briansmith @ctz