No ability to import an existing key to use with signer #107

Open
OR13 opened this issue Oct 1, 2022 · 8 comments

@OR13
Collaborator

OR13 commented Oct 1, 2022

In order to cross test, we need the ability to import keys generated from other libraries, sign with this library, verify with this library, export the key, make sure it serializes the same way... then test the other library in a similar manner.

AFAIK, this library does not expose any key import / export functionality.

Example key I would like to import:

{
  "kid": "urn:ietf:params:oauth:jwk-thumbprint:sha-256:PWieDT0tQrlUu_YiggAjPhcLYrFmQRxKxstEhH2E7bY",
  "kty": "EC",
  "crv": "P-521",
  "alg": "ES512",
  "x": "AbYsupr2HVrjj-rxRHFuFOoTzjfYJhoMPJHjd6ZoAJu-f4G3j9YkpGZGW03zIbfpB-h4Sa8xp80umXUrwOLNw7ij",
  "y": "AeUJ7n0jk9IwCIZYDTMcZ9Kj4NsDb1SZqBufpbz6CMIciyixMLJjQx5xwLWMLhVDCs-iw3EQnrho6CrRWgqlqQ6p",
  "d": "AVNjoYJ2sPUjNzk_7jvQ9KooE6qBjoPv2p7vk1WXgTSaY-tWSfmIdr3j6HI9b1oAY8s5qbxrpdG4aOqehMPuouTO"
}

Example interfaces I would like supported:

@thomas-fossati
Contributor

Zeitgeist! I was going to raise an equivalent FR myself :-)

We use JWK a lot as an interchange format and we have been writing the same adapter code again and again. Having an off-the-shelf SignerFromJWK provided by go-cose would be very handy.

Also in scope, an equivalent adapter around COSE_Key.
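
An added example, not go-cose's code and not written by anyone in this thread: one way an EC JWK import adapter of the kind requested above could check a key before it reaches a signer. The names `KeyFromJWK`, `JWKFromKey` and `sample` are hypothetical, and the sample key is generated at run time rather than taken from the issue.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

var curves = map[string]elliptic.Curve{"P-256": elliptic.P256(), "P-384": elliptic.P384(), "P-521": elliptic.P521()}
var sample, _ = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) // constructed sample key

// KeyFromJWK (hypothetical name) parses an EC private JWK and validates it before use.
func KeyFromJWK(data []byte) (*ecdsa.PrivateKey, error) {
	var j struct{ Kty, Crv, X, Y, D string } // JSON member names match case-insensitively
	err := json.Unmarshal(data, &j)
	c, ok := curves[j.Crv]
	if err != nil || j.Kty != "EC" || !ok {
		return nil, fmt.Errorf("jwk: unsupported kty %q or crv %q", j.Kty, j.Crv)
	}
	size, n := (c.Params().BitSize+7)/8, [3]*big.Int{}
	for i, s := range []string{j.X, j.Y, j.D} {
		b, err := base64.RawURLEncoding.DecodeString(s)
		if err != nil || len(b) != size { // RFC 7518 section 6.2: fixed-width octet strings
			return nil, fmt.Errorf("jwk: x, y and d must each be %d base64url octets", size)
		}
		n[i] = new(big.Int).SetBytes(b)
	}
	// Recompute the public point from d so that x/y belonging to another key are rejected.
	x, y := c.ScalarBaseMult(n[2].Bytes())
	if n[2].Sign() == 0 || n[2].Cmp(c.Params().N) >= 0 || x.Cmp(n[0]) != 0 || y.Cmp(n[1]) != 0 {
		return nil, fmt.Errorf("jwk: d out of range or x/y do not match d")
	}
	return &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: c, X: x, Y: y}, D: n[2]}, nil
}

// JWKFromKey (hypothetical name) exports with zero-padded members so a round trip is byte-stable.
func JWKFromKey(k *ecdsa.PrivateKey) []byte {
	e := func(v *big.Int) string { return base64.RawURLEncoding.EncodeToString(v.FillBytes(make([]byte, (k.Params().BitSize+7)/8))) }
	out, _ := json.Marshal(map[string]string{"kty": "EC", "crv": k.Params().Name, "x": e(k.X), "y": e(k.Y), "d": e(k.D)})
	return out
}

func main() {
	got, err := KeyFromJWK(JWKFromKey(sample))
	fmt.Println(err == nil && got.Equal(sample))
}
```

The returned `*ecdsa.PrivateKey` implements `crypto.Signer`, the key type go-cose's `NewSigner` takes.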

@yogeshbdeshpande
Contributor

@thomas-fossati Is that the common components of extracting signer and public key from JWK Key, which we use heavily in Veraison code base testing?

@thomas-fossati
Contributor

> @thomas-fossati Is that the common components of extracting signer and public key from JWK Key, which we use heavily in Veraison code base testing?

yes, and in the various CLIs too.

@yogeshbdeshpande
Contributor

Yes, best that the code be part of go-cose componentry and every user invokes consistently the same set of methods!
100% with you on this.

@yogeshbdeshpande
Contributor

yogeshbdeshpande commented Nov 4, 2022

This is not blocking any release but a very useful enhancement to have!
Needs to review which is the correct location!

@ivarprudnikov

You could use https://github.com/MicahParks/keyfunc to import JWKS

Example in their test that converts JSON to a set of keys https://github.com/MicahParks/keyfunc/blob/master/jwks_test.go#L228 via keyfunc.NewJSON([]byte(jwksJSON))

SteveLasker added this to the Future milestone Feb 10, 2023
@ivarprudnikov

There is yet another library for working with JSON representation of the keys https://github.com/lestrrat-go/jwx

@SteveLasker
Contributor

@thomas-fossati, any thoughts on this one?
