Limited EcDSA support #67

Closed
Fasjeit opened this issue Oct 20, 2023 · 3 comments

Fasjeit commented Oct 20, 2023

The following scenarios are of interest.

RSA. Linux: Tls, mTls, SignedCms (attached, detached). Consequently, x509.

#65

@Fasjeit Fasjeit added the enhancement New feature or request label Oct 20, 2023
@Fasjeit Fasjeit self-assigned this Oct 20, 2023
Fasjeit added a commit that referenced this issue Nov 29, 2023
Fasjeit added a commit that referenced this issue Nov 29, 2023
Fasjeit added a commit that referenced this issue Dec 5, 2023
Fasjeit added a commit that referenced this issue Dec 5, 2023
@Fasjeit Fasjeit closed this as completed in eaebd2e Dec 5, 2023
@Fasjeit Fasjeit reopened this Dec 5, 2023
Fasjeit added a commit that referenced this issue Dec 7, 2023
Fasjeit added a commit that referenced this issue Dec 7, 2023

Fasjeit commented Dec 7, 2023

I only checked one-way TLS. CMS is signed with sha256 and verified with sha-1 and sha256. It is compatible with Windows (verification passes).

The provider returns the signature in raw form (r||t). For this we use the CP_ECC_PLAIN_SIGNATURE_CNG_REVERSED flag, after which we reverse the signature.

The ASN.1 in the CMS is built by hand, by analogy with the MS implementation.
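
The raw-versus-ASN.1 handling described in this comment, as an added C# example that is not the project's own code: CMS carries an ECDSA signature as a DER `SEQUENCE` of two `INTEGER`s, while a provider's plain output is two fixed-width halves, so the conversion has to strip leading zeros and keep both integers positive. It assumes .NET 5 or later (`System.Formats.Asn1`), an input that is already in big-endian order (that is, after the reversal mentioned above), and the hypothetical class name `EcdsaSigFormat`.

```csharp
using System;
using System.Formats.Asn1;
using System.Numerics;

public static class EcdsaSigFormat // hypothetical name, not from the project
{
    // Fixed-width big-endian r||s -> DER SEQUENCE { r INTEGER, s INTEGER }.
    public static byte[] RawToDer(ReadOnlySpan<byte> raw)
    {
        if (raw.Length == 0 || raw.Length % 2 != 0)
            throw new ArgumentException("Expected two equal-length halves.", nameof(raw));
        int half = raw.Length / 2;
        // BigInteger drops leading zero bytes; WriteInteger emits the minimal
        // encoding and prepends 0x00 when the top bit is set (value stays positive).
        var r = new BigInteger(raw.Slice(0, half), isUnsigned: true, isBigEndian: true);
        var s = new BigInteger(raw.Slice(half), isUnsigned: true, isBigEndian: true);
        if (r.IsZero || s.IsZero) throw new FormatException("r and s must be non-zero.");
        var writer = new AsnWriter(AsnEncodingRules.DER);
        using (writer.PushSequence())
        {
            writer.WriteInteger(r);
            writer.WriteInteger(s);
        }
        return writer.Encode();
    }

    // DER -> fixed-width r||s; fieldSize is the curve order length in bytes (32 for P-256).
    public static byte[] DerToRaw(ReadOnlyMemory<byte> der, int fieldSize)
    {
        var reader = new AsnReader(der, AsnEncodingRules.DER);
        AsnReader seq = reader.ReadSequence();
        reader.ThrowIfNotEmpty();   // no trailing bytes after the SEQUENCE
        BigInteger r = seq.ReadInteger();
        BigInteger s = seq.ReadInteger();
        seq.ThrowIfNotEmpty();      // exactly two INTEGERs
        var raw = new byte[2 * fieldSize];
        WriteFixed(r, raw.AsSpan(0, fieldSize));
        WriteFixed(s, raw.AsSpan(fieldSize));
        return raw;
    }

    private static void WriteFixed(BigInteger value, Span<byte> dest)
    {
        if (value.Sign <= 0) throw new FormatException("r and s must be positive.");
        byte[] be = value.ToByteArray(isUnsigned: true, isBigEndian: true);
        if (be.Length > dest.Length) throw new FormatException("Value wider than the field.");
        be.AsSpan().CopyTo(dest.Slice(dest.Length - be.Length)); // left-pad with zeros
    }
}
```

Malformed DER surfaces as `AsnContentException` from the reader, so a verifier can reject non-canonical signatures instead of normalizing them.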

Fasjeit commented Dec 7, 2023

To create a CMS signature, the private key must be passed explicitly, because the PrivateKey property is not supported for EcDsa (per the original MS logic).

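using System;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// bytesToHash (byte[]) and signature (byte[]) are declared by the surrounding code.
using (var ecDsaCert = ... ) // X509Certificate2
{
    // Returns null when the certificate has no associated ECDSA private key.
    var key = ecDsaCert.GetECDsaPrivateKey();

    var contentInfo = new ContentInfo(bytesToHash);
    // detached: false, so the content is embedded (attached signature)
    var signedCms = new SignedCms(contentInfo, false);
    // Explicitly specify the private key
    CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, ecDsaCert, key);
    cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.Now));
    signedCms.ComputeSignature(cmsSigner);
    signature = signedCms.Encode();
    Console.WriteLine($"CMS Sign: {Convert.ToBase64String(signature)}");
}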

@Fasjeit Fasjeit closed this as completed Dec 7, 2023

Fasjeit commented Dec 8, 2023

Creating a new key is not supported (the empty constructor and key creation via CspParams). If it is needed, we will do it later separately.
