[feature] Importing existing CA: KeyError: 'ecdsa-with-SHA384' #118

Open
MEschenbacher opened this issue Jun 12, 2021 · 5 comments

@MEschenbacher

MEschenbacher commented Jun 12, 2021

I'm trying to import an existing CA certificate, which generates an error:

  File "/home/max/git/django-x509/django_x509/base/models.py", line 362, in _import
    self.digest = SIGNATURE_MAPPING[algorithm]
KeyError: 'ecdsa-with-SHA384'
[13/Jun/2021 00:03:38] "POST /admin/django_x509/ca/add/ HTTP/1.1" 500 142363

Looking into django_x509/base/models.py dict SIGNATURE_MAPPING: are EC signatures and certificates/keys supported?

@nemesifier
Member

> I'm trying to import an existing CA certificate, which generates an error:
>
>   File "/home/max/git/django-x509/django_x509/base/models.py", line 362, in _import
>     self.digest = SIGNATURE_MAPPING[algorithm]
> KeyError: 'ecdsa-with-SHA384'
> [13/Jun/2021 00:03:38] "POST /admin/django_x509/ca/add/ HTTP/1.1" 500 142363
>
> Looking into django_x509/base/models.py dict SIGNATURE_MAPPING: are EC signatures and certificates/keys supported?

@MEschenbacher looks like these are not supported:

SIGNATURE_MAPPING = {
    'sha1WithRSAEncryption': 'sha1',
    'sha224WithRSAEncryption': 'sha224',
    'sha256WithRSAEncryption': 'sha256',
    'sha384WithRSAEncryption': 'sha384',
    'sha512WithRSAEncryption': 'sha512',
}

I guess these can be added with a bit of work.

How do you generate an ecdsa cert for testing purposes?

@MEschenbacher
Author

Here's a minimal example for creation of the ecdsa certificate:

openssl ecparam -genkey -name secp384r1 | openssl ec -aes256 -out ca.key.pem
openssl req -new -sha384 -key ca.key.pem -out ca.req.pem
openssl req -x509 -sha384 -days 365 -key ca.key.pem -in ca.req.pem -out ca.cert.pem

nemesifier changed the title from "Importing existing CA: KeyError: 'ecdsa-with-SHA384'" to "[feature] Importing existing CA: KeyError: 'ecdsa-with-SHA384'" on Jul 18, 2021

@sid-008

sid-008 commented Jun 1, 2023

Hey there @nemesisdesign I'd like to take a shot at working on this, how do you propose I start?

@nemesifier
Member

> Hey there @nemesisdesign I'd like to take a shot at working on this, how do you propose I start?

Start with https://github.com/openwisp/django-x509#installing-for-development, then come to the dev chat to coordinate.

@nemesifier
Member

To support this feature properly, we must add a way to specify the algorithm used for generating the certificate, which now is hardcoded to be crypto.TYPE_RSA (RSA).

An attempt was made in #140.
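
The lookup in the traceback above keys on the algorithm name and fails for anything outside its RSA-only table. As an added example (not django-x509 code, and not the approach taken in the project), the following reads the signatureAlgorithm OID straight from a certificate's DER bytes with the standard library and maps it to a key family and digest, raising a `ValueError` for unknown algorithms. The function names, the OID table layout and the sample bytes are assumptions made for illustration.

```python
# Added example, not django-x509 code: stdlib-only DER parsing (an assumption).
SIG_OIDS = {  # signatureAlgorithm OID -> (key family, digest)
    "1.2.840.113549.1.1.5": ("rsa", "sha1"),      # sha1WithRSAEncryption
    "1.2.840.113549.1.1.14": ("rsa", "sha224"),
    "1.2.840.113549.1.1.11": ("rsa", "sha256"),
    "1.2.840.113549.1.1.12": ("rsa", "sha384"),
    "1.2.840.113549.1.1.13": ("rsa", "sha512"),
    "1.2.840.10045.4.3.2": ("ec", "sha256"),
    "1.2.840.10045.4.3.3": ("ec", "sha384"),      # ecdsa-with-SHA384
    "1.2.840.10045.4.3.4": ("ec", "sha512"),
}
# Constructed sample (dummy tbsCertificate and signature), not a real certificate.
SAMPLE_EC = bytes.fromhex("30143003020100300a06082a8648ce3d040303030100")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # a clear high bit ends one base-128 arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first two arcs are packed as 40*a + b
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_info(der):
    """Return (key family, digest); ValueError if the algorithm is unsupported."""
    _, cert, _ = read_tlv(der, 0)    # Certificate ::= SEQUENCE
    _, _, pos = read_tlv(cert, 0)    # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)  # signatureAlgorithm AlgorithmIdentifier
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06 or not oid or oid[-1] & 0x80:
        raise ValueError("signatureAlgorithm does not start with a valid OID")
    dotted = decode_oid(oid)
    if dotted not in SIG_OIDS:
        raise ValueError(f"unsupported signature algorithm OID {dotted}")
    return SIG_OIDS[dotted]
```

`signature_info(SAMPLE_EC)` returns `("ec", "sha384")`; an import path can use the key family to pick the key type and turn the `ValueError` into a form validation error instead of a 500 response.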
