You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the private key is wrapped in a CurvePrivateKey object and wrapped by the OCTET STRING of the "privateKey" field.
public_key:der_decode/2 does not unwrap the EDDSA private key.
All other functions assume that #'ECPrivateKey'.privateKey holds the raw key.
crypto:* calls fail with badarg when a EDDSA private key obtained from public_keys ASN-1 processing is used.
It is impossible to use a EDDSA private keys in tls_client_option() and tls_server_option().
public_key:der_encode/2 does not wrap EDDSA private keys.
EDDSA private keys obtained from public_key:generate_key1 and encoded to DER with public_key:der_encode/2 do not work with openssl (or any other standard conforming tool).
To Reproduce
the eddsa_pri_pkcs8.pem test file in public_key_SUITE_data (also documented in RFC8410 Section-10.3):
the result is the still wrapped (34 octes long, prefixed by 16#04, 16#20) private key.
An attempt to use it will fail (the C code checks the key-length).
7> public_key:sign(<<>>, none, ECPrivKey).
** exception error: bad argument
in function crypto:pkey_sign_nif/5
called as crypto:pkey_sign_nif(eddsa,none,<<>>,
[<<4,32,212,238,114,219,249,19,88,74,213,182,216,
241,247,105,248,173,58,254,124,40,203,241,...>>,
ed25519],
[])
in call from crypto:sign/5 (crypto.erl, line 1366)
Expected behavior
public_key:der_decode/2 must unwrap EDDSA private keys public_key:der_encode/2 must wrap EDDSA private keys
Affected versions
24.0.*
Additional context
this was found by trying to use X509 certificates with ed-25519 keys in erlang ssl.
The text was updated successfully, but these errors were encountered:
IngelaAndin
added
testing
currently being tested, tag is used by OTP internal CI
and removed
testing
currently being tested, tag is used by OTP internal CI
labels
Aug 30, 2021
Describe the bug
RFC8410 Section 7 states:
public_key:der_decode/2
does not unwrap the EDDSA private key.All other functions assume that
#'ECPrivateKey'.privateKey
holds the raw key.crypto:*
calls fail withbadarg
when a EDDSA private key obtained from public_keys ASN-1 processing is used.It is impossible to use a EDDSA private keys in
tls_client_option()
andtls_server_option()
.public_key:der_encode/2
does not wrap EDDSA private keys.EDDSA private keys obtained from
public_key:generate_key1
and encoded to DER withpublic_key:der_encode/2
do not work with openssl (or any other standard conforming tool).To Reproduce
the
eddsa_pri_pkcs8.pem
test file inpublic_key_SUITE_data
(also documented in RFC8410 Section-10.3):an attempt to get the private key with erlang:
the result is the still wrapped (34 octes long, prefixed by
16#04, 16#20
) private key.An attempt to use it will fail (the C code checks the key-length).
Expected behavior
public_key:der_decode/2
must unwrap EDDSA private keyspublic_key:der_encode/2
must wrap EDDSA private keysAffected versions
24.0.*
Additional context
this was found by trying to use X509 certificates with ed-25519 keys in erlang ssl.
The text was updated successfully, but these errors were encountered: