add NULL parameter to AlgorithmIdentifier of encoded keys #92
The public key should also have an explicit Can be confirmed by
Yes, it should. Note that this is correctly handled (or at least, easily handled correctly) by the I've also partially written (but have not yet published) a
c1977df to 0494a8a
Thanks, @randombit, I completely missed it. Now fixed. @tarcieri: I didn't integrate to pkcs8 right away because it's currently not a dependency of this crate. If you feel strongly against using the simple fix proposed here, I could look into it. Thanks, great work!
The simple fix is fine and I approved this PR. @dignifiedquire generally maintains this crate though, so I was waiting for his sign-off.
can you rebase on master to fix ci please?
@clenimar did you verify these with openssl?
@dignifiedquire I haven't verified the encoded bytes, but this looks structurally the same as a PKCS#8-encoded RSA key generated by OpenSSL https://github.com/RustCrypto/utils/blob/master/pkcs8/tests/private_key.rs#L81-L91
@dignifiedquire I tried out this PR locally with the example from #95 and it works. So with this PR, ring can successfully import the key.
as per the RFC 8017 [1], the NULL parameter MUST be present if the OID in AlgorithmIdentifier is `rsaEncryption`. this commit adds an explicit NULL to the AlgorithmIdentifier so that RSA keys encoded by this crate are compliant to the RFC:

> The object identifier rsaEncryption identifies RSA public and private
> keys as defined in Appendices A.1.1 and A.1.2. The parameters field
> has associated with this OID in a value of type AlgorithmIdentifier
> SHALL have a value of type NULL.

[1] https://tools.ietf.org/html/rfc8017#appendix-A

fixes RustCrypto#91
0494a8a to 1a2e62d
@dignifiedquire yes, I did. Also been using this PR with ring, as @est31 mentioned. Rebased now. Thanks!
as per the RFC 8017 [1], the NULL parameter MUST be present if the OID in AlgorithmIdentifier is `rsaEncryption`. this commit adds an explicit `NULL` to the AlgorithmIdentifier so that RSA keys encoded by this crate are compliant to the RFC:
[1] https://tools.ietf.org/html/rfc8017#appendix-A
fixes #91
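The requirement in the commit message can be checked directly on an encoded key: walk the DER down to the AlgorithmIdentifier and confirm the parameters field is an explicit NULL (`05 00`) rather than absent. The following is an added example, not code from this PR or the crate; the function names and the sample keys (skeletons with empty key material) are constructed for illustration, and the TLV reader covers only what these structures need.

```rust
// Added example (not code from the rsa crate). Sample keys are constructed
// skeletons with empty key material; only the AlgorithmIdentifier is real.
const RSA_ENCRYPTION: [u8; 9] = [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01];
// SubjectPublicKeyInfo { AlgorithmIdentifier { rsaEncryption, NULL }, BIT STRING }
const SPKI_WITH_NULL: [u8; 20] = [0x30, 0x12, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x01, 0x00];
// Same structure with the parameters field omitted.
const SPKI_NO_PARAMS: [u8; 18] = [0x30, 0x10, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x03, 0x01, 0x00];

/// Reads one DER TLV and returns (tag, content, remaining input).
fn read_tlv(input: &[u8]) -> Result<(u8, &[u8], &[u8]), &'static str> {
    let (&tag, rest) = input.split_first().ok_or("truncated tag")?;
    let (&first, rest) = rest.split_first().ok_or("truncated length")?;
    let (len, rest) = if first < 0x80 {
        (first as usize, rest)
    } else {
        let n = (first & 0x7f) as usize; // long form: next n bytes hold the length
        if n == 0 || n > 4 || rest.len() < n { return Err("unsupported length encoding"); }
        (rest[..n].iter().fold(0usize, |acc, &b| (acc << 8) | b as usize), &rest[n..])
    };
    if rest.len() < len { return Err("truncated content"); }
    Ok((tag, &rest[..len], &rest[len..]))
}

/// Accepts a SubjectPublicKeyInfo or a PKCS#8 PrivateKeyInfo and checks that its
/// AlgorithmIdentifier is exactly SEQUENCE { OID rsaEncryption, NULL }.
pub fn check_rsa_algorithm_identifier(der: &[u8]) -> Result<(), &'static str> {
    let (outer_tag, body, _) = read_tlv(der)?;
    if outer_tag != 0x30 { return Err("outer value is not a SEQUENCE"); }
    let (first_tag, first, rest) = read_tlv(body)?;
    // PKCS#8 puts an INTEGER version before the AlgorithmIdentifier; skip it.
    let (tag, alg, _) = if first_tag == 0x02 { read_tlv(rest)? } else { (first_tag, first, rest) };
    if tag != 0x30 { return Err("AlgorithmIdentifier is not a SEQUENCE"); }
    let (oid_tag, oid, params) = read_tlv(alg)?;
    if oid_tag != 0x06 || oid != &RSA_ENCRYPTION[..] { return Err("algorithm is not rsaEncryption"); }
    match params {
        [0x05, 0x00] => Ok(()),
        [] => Err("parameters absent; RFC 8017 requires an explicit NULL"),
        _ => Err("parameters present but not NULL"),
    }
}

fn main() {
    println!("with NULL: {:?}", check_rsa_algorithm_identifier(&SPKI_WITH_NULL));
    println!("no params: {:?}", check_rsa_algorithm_identifier(&SPKI_NO_PARAMS));
}
```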