-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Elliptic curves #48
Comments
+1 this is confusing |
OpenSSL (and I assume other tools?) generate DER-encoded keys in the RFC5915 structure. Filesize is 121 bytes for secp256r1, which consists of the curve OID, private key and public key. Given that the keys themselves are already 96 bytes it's a 26% overhead, but I think it would make key-generation a lot simpler and resource 3 (Public Key or Identity) would not be needed for RPK mode. It also allows for compression if someone wants to use it (size drops to 89 bytes), and future extensibility. |
The raw public key structure, namely SubjectPublicKeyInfo, does not only include the raw key but also relevant parameters to the describe the public key crypto system. Here is the link to the document: https://tools.ietf.org/html/rfc7250 I do, however, agree that the text in Appendix E.1.1.2, see below, is incomplete and incorrect. It is incomplete since it does not specify the actual encoding and it is incorrect with regards to the size indication since the size depends on ASN.1 encoding of the parameters. This needs to be fixed for LWM2M version 1.0. E.1.1.2 Raw-Public Key (RPK) Mode |
In an attempt to write a chance request I noticed two problems:
Note that this issue is also applicable to the encoding of the private key for the certificate mode. Furthermore, there is also not format defined for the encoding of the certificate. PKCS #12 is a possible candidate. |
Addressed by CR101 : includedin Oct16 TS => to be closed |
Issue closed per Thierry's comment that is addresses in October 2016 TS |
CoAP says "The curve secp256r1 MUST be supported" but also "The type and length of the raw public key depends on the cipher suite used". I think that means that it doesn't prohibit other curves.
If that's the case then there needs to be a "curve name" resource in the security object.
The text was updated successfully, but these errors were encountered: