ECDSA signing and verification (ES256, ES384) #73
Conversation
|
I was emailed a comment on this pull request asking why I used ring's The relevant spec is JSON Web Algorithms Section 3.4 which specifies a simple concatenation of R and then S, which is what So the short answer is, using The question of what format the keys are provided in is pretty much orthogonal to how the signature is encoded. I chose to take them as PKCS#8 keys because that's what ring accepts and because that's what Apple gives as APNS keys, and being able to authenticate to APNS using JWT was my primary reason for implementing this in the first place. |
|
It's also worth noting that OpenSSL provides tools for encoding keys in PKCS#8 structures, so it should not be a problem to use the OpenSSL tools to create suitable keys. I haven't tried, though. |
I documented exactly how to generate PKCS#8 formatted keys using OpenSSL that interop with ring at at https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b. |
|
Actually, the public key generated with instructions above isn't in a format that ring expects. openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -out private_key.pem
openssl pkcs8 -in private_key.pem -topk8 -nocrypt -outform DER -out private_key.p8.der
openssl ec -in private_key.pem -pubout -out public_key.pem
openssl pkey -pubout -inform der -outform der -in private_key.p8.der -out public_key.p8.der
openssl version
OpenSSL 1.0.2q 20 Nov 2018At the moment, the best solution I came with is to use openssl asn1parse. Another way is to use ASN1 parser to extract the public key in the application. openssl ecparam -name prime256v1 -genkey -noout -out private_key.pem
openssl pkcs8 -in private_key.pem -topk8 -nocrypt -outform DER -out private_key.p8.der
openssl ec -in private_key.pem -pubout -out public_key.pem
openssl asn1parse -in public_key.pem -offset $((23 + 2)) -out public_key.p8.der.block
dd bs=1 skip=1 if=public_key.p8.der.block of=public_key.p8.derAt first, I missed that leading zero in asn1parse output, so I thought that the problem in the signing algorithm, but the example above just works with both ring's ECDSA_P256_SHA256_FIXED_SIGNING and ECDSA_P256_SHA256_ASN1_SIGNING, that is why I removed my comment, but probably it worth mentioning in case someone else will be confused in the similar way. |
|
is there any rust create that can convert a pem public key file to what ring expects? |
|
@gdamjan you can implement it by yoursef using pem and yasna crates. fn parse_pem(input: &[u8]) -> Result<Vec<u8>, Error> {
use failure::SyncFailure;
let pem_contents = pem::parse(input).map_err(SyncFailure::new)?.contents;
let asn_contents = yasna::parse_der(&pem_contents, |reader| {
reader.read_sequence(|reader| {
reader.next().read_sequence(|reader| {
reader.next().read_oid()?;
reader.next().read_oid()?;
Ok(())
})?;
let bytes = reader.next().read_bitvec()?;
return Ok(bytes)
})
}).map_err(SyncFailure::new)?;
Ok(asn_contents.to_bytes())
} |
It looks like it's |
|
@briansmith I'm not sure about it, probably it's not openssl asn1parse -in public_key.pem
0:d=0 hl=2 l= 89 cons: SEQUENCE
2:d=1 hl=2 l= 19 cons: SEQUENCE
4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
23:d=1 hl=2 l= 66 prim: BIT STRING |
|
@Keats Is there something that need to be done to have this one merged? |
|
Mostly the discussion on #76 |
| ES256, | ||
|
|
||
| /// ECDSA using SHA-384 | ||
| ES384, |
There was a problem hiding this comment.
ECDSA signing and verification (ES256, ES384)
Also updates Ring to 0.14 and updates the RSA signing code to match Ring API changes.