ECDSA support #50
Comments
|
Same problem. |
|
If you can provide an example p8 private key and it's corresponding public key that could be useful and I can make sure this works for your case. We would want to be able to process p8 and pem files. |
|
Test file that I take from Apple. I'm' not sure that I should make with it anything. Maybe create a pem file with OpenSSL. But for sending a push notification to APNS need make JWT and sign it with ES256 algorithm. Waiting while it will be added to BlueCryptor. Or I will make it with node.js. |
|
I'm currently unavailable this week. However, I'll start looking at it and hopefully start coming up with an implementation plan on Monday. I don't think it'll take that long. I may move this BlueRSA rather than here depending on the best way to implement that API. Offhand, I think it'll end up in BlueRSA since the API that'll be presented will most likely look more like a BlueRSA API. @Andrew-Lees11 The reason for the separation is twofold. First, BlueCryptor has been around a lot longer than BlueRSA and I didn't want to destabilize it during development of the RSA APIs. The second reason is the fact that the API for BlueRSA is significantly different than that presented by BlueCryptor and I felt that it would be best to avoid any confusion for users of the packages. |
|
Since BlueRSA is fairly linked to RSA, Would it make sense for us to just create a new repo (e.g. SwiftECC/BlueECC) that handles ECC encryption and signing? I am happy to work on a prototype of this while you are away. |
|
Let me stew on it. That might work but I think the style of the BlueRSA API is going to be closer to what we need. I think we might be duplicating a bit of code if we create a new repo. |
|
I have moved my current prototype to a branch on BlueRSA. This is currently able to sign and verify on using common crypto from a PEM public and private key. On linux it can sign and verify from a key created by OpenSSL however it is not currently able to parse a PEM file into the required key. |
|
Sounds good to me. Thanks. Enjoy your week away from the office. 😉 |
|
I'm going to close this issue here since it is unlikely to go in this repo. I have made a working prototype on this BlueRSA branch. It can sign and verify ES256 JWTs and is working with jwt.io. It still needs tidying up and choosing where we would like to put it. |
In SwiftJWT, we would like to support ES256. This requires the JWT be signed/verified using ECDSA. BlueCryptor seems like the right place to implement a common API for the Elliptic curve algorithm.
OpenSSL has an implementation that is documented here. This could be used for the linux implementation.
Apple security has an implementation that is documented here. This could be used for the iOS/MacOS implementation.
@billabt This approach is fairly similar to BlueRSA. Is there a reason you made BlueRSA a separate repo instead of incorporating it into BlueCryptor?
The text was updated successfully, but these errors were encountered: