Specify public key format #315

Open
aaronpk opened this Issue Jul 11, 2018 · 11 comments

aaronpk commented Jul 11, 2018

Currently, Mastodon and Pleroma are publishing public keys on profiles in different formats. I discovered this when I tried to load a Pleroma public key using PHP's built-in openssl, and it failed.

Compare:

@Gargron

    "publicKey": {
      "id": "https://mastodon.social/users/Gargron#main-key",
      "owner": "https://mastodon.social/users/Gargron",
      "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXc4vkECU2/CeuSo1wtn\nFoim94Ne1jBMYxTZ9wm2YTdJq1oiZKif06I2fOqDzY/4q/S9uccrE9Bkajv1dnkO\nVm31QjWlhVpSKynVxEWjVBO5Ienue8gND0xvHIuXf87o61poqjEoepvsQFElA5ym\novljWGSA/jpj7ozygUZhCXtaS2W5AD5tnBQUpcO0lhItYPYTjnmzcc4y2NbJV8hz\n2s2G8qKv8fyimE23gY1XrPJg+cRF+g4PqFXujjlJ7MihD9oqtLGxbu7o1cifTn3x\nBfIdPythWu5b4cujNsB3m3awJjVmx+MHQ9SugkSIYXV0Ina77cTNS0M2PYiH1PFR\nTwIDAQAB\n-----END PUBLIC KEY-----\n"
    },

@0x1C3B00DA

    "publicKey": {
      "id": "https://edolas.world/users/0x1C3B00DA#main-key",
      "owner": "https://edolas.world/users/0x1C3B00DA",
      "publicKeyPem": "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEArOZcTGQ8CQW1Z4aY8okyfaZrGndOcVr2SPAOOmU/C7pDr7mMbOnY\nlA8lUAeUvk294v3j69BBLI5El9x+KcroT99qyAxioLS0W1T60zi+2OfcHoD5apSG\nkWdXKLJkIW0FVnX67eY18TrKKvhoFi7iGtHW+C0XKTkb7DNDqg3pVJj56lDJDn3v\ndUWekKzw4PcKPB4/AR1LCnGPMhRyTsg6kjemw3S95zlw39/TNsNkHCch6332GeaJ\noUkwg1bAnVlAGNszAj8ZL/rPfvPIeHzSFOUfVkeAb4faChrhplcos0ah+b1xoZHm\nBCDxzyMxSkUAQa/q8k5Jp+qE6l6Z+02hXQIDAQAB\n-----END RSA PUBLIC KEY-----\n\n"
    },

It would be great if the encoding format was specified so that we don't continue to have implementations use differing formats.

cwebber commented Jul 12, 2018

I can't load it using Racket's crypto library either, which is also using openssl, but I think uses its own ASN.1 library to parse the key data.

    datum->pk-key: d2i_PUBKEY: wrong tag [asn1 encoding routines:ASN1_CHECK_TLEN:218529960]

Insert my standard complaint about the impenetrability of ASN.1 / PEM encoded keys, and how I wish we were all using canonical s-exps instead.

cwebber commented Jul 12, 2018

The mastodon key loads fine though.

cwebber commented Jul 12, 2018

I wonder if there is an error in the ASN.1 encoding in however Pleroma is generating / rendering its keys?

I tried looking in Pleroma's codebase for where the keys may be generated or rendered to PEM format, but I couldn't figure out where it was.

nightpool commented Jul 12, 2018

kaniini commented Jul 12, 2018

they are pkcs#1, Mastodon renders pkcs#8. we can change the key format, but supporting both ways is probably ideal.

kaniini commented Jul 12, 2018

sorry I meant x509.
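The two encodings compared in the issue body and named in kaniini's comments differ only by an outer wrapper: the Pleroma `RSA PUBLIC KEY` block is a bare PKCS#1 `RSAPublicKey`, while the Mastodon `PUBLIC KEY` block is an X.509 `SubjectPublicKeyInfo` that carries the same `RSAPublicKey` inside a BIT STRING behind an `rsaEncryption` AlgorithmIdentifier. The following added example (not code from the ActivityPub spec, Mastodon or Pleroma; stdlib-only Python) detects which form a PEM block is in and wraps the PKCS#1 form into SPKI so that loaders such as `d2i_PUBKEY` accept it; the input is the Pleroma key quoted above, and the AlgorithmIdentifier bytes are the standard DER encoding of OID 1.2.840.113549.1.1.1 with a NULL parameter.

```python
import base64, re
# Constructed input: the Pleroma key quoted in the issue (PKCS#1 "RSA PUBLIC KEY").
PLEROMA_PEM = (
    "-----BEGIN RSA PUBLIC KEY-----\n"
    "MIIBCgKCAQEArOZcTGQ8CQW1Z4aY8okyfaZrGndOcVr2SPAOOmU/C7pDr7mMbOnY\n"
    "lA8lUAeUvk294v3j69BBLI5El9x+KcroT99qyAxioLS0W1T60zi+2OfcHoD5apSG\n"
    "kWdXKLJkIW0FVnX67eY18TrKKvhoFi7iGtHW+C0XKTkb7DNDqg3pVJj56lDJDn3v\n"
    "dUWekKzw4PcKPB4/AR1LCnGPMhRyTsg6kjemw3S95zlw39/TNsNkHCch6332GeaJ\n"
    "oUkwg1bAnVlAGNszAj8ZL/rPfvPIeHzSFOUfVkeAb4faChrhplcos0ah+b1xoZHm\n"
    "BCDxzyMxSkUAQa/q8k5Jp+qE6l6Z+02hXQIDAQAB\n"
    "-----END RSA PUBLIC KEY-----\n\n"
)
# Standard DER of AlgorithmIdentifier { rsaEncryption 1.2.840.113549.1.1.1, NULL }: the prefix SPKI has and PKCS#1 lacks.
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _der_len(n):
    # DER length octets: short form below 0x80, else 0x80|count followed by the big-endian length.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def pem_decode(pem):
    """Return (label, DER bytes) for the first PEM block in the string."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))

def der_kind(der):
    """Peek past the outer SEQUENCE: SPKI nests a SEQUENCE, PKCS#1 starts with the INTEGER modulus."""
    if der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    header = 2 + ((der[1] & 0x7F) if der[1] & 0x80 else 0)
    return {0x30: "spki", 0x02: "pkcs1"}.get(der[header], "unknown")

def to_spki_pem(pem):
    """Wrap PKCS#1 into X.509 SubjectPublicKeyInfo (what d2i_PUBKEY expects); pass SPKI through."""
    label, der = pem_decode(pem)
    if label == "PUBLIC KEY" and der_kind(der) == "spki":
        return pem
    if label != "RSA PUBLIC KEY" or der_kind(der) != "pkcs1":
        raise ValueError("unsupported key encoding: %s" % label)
    # SPKI = SEQUENCE { AlgorithmIdentifier, BIT STRING (0 unused bits + RSAPublicKey DER) }
    spki = _der_tlv(0x30, RSA_ALG_ID + _der_tlv(0x03, b"\x00" + der))
    b64 = base64.b64encode(spki).decode()
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64)) + "\n-----END PUBLIC KEY-----\n"
```

The wrapped output begins with the same `MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA` prefix as the Mastodon key above, which is exactly the SPKI header that the Pleroma block omits.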

aschrijver commented Aug 19, 2018

I am also confused as to how the publicKey format is actually defined. Currently:

  • The namespace https://w3id.org/security/v1 redirects to a JSON-LD schema from web-payments.org
  • The website https://w3id.org has minimal documentation on permanent IDs and adding a PR to their site (i.e. not related to AP)
  • The web-payments spec doesn't have a notation where publicKey is a JSON object holding other keys (nor does the JSON-LD schema define this).

So like @aaronpk I am very much in favour of having this documented more clearly :)

nightpool commented Aug 19, 2018

@aschrijver not sure what you mean.... https://web-payments.org/vocabs/security#publicKey does have an example?

nightpool commented Aug 19, 2018

And the JSON-LD schema backs this up...

    "publicKey": {
      "@id": "sec:publicKey",
      "@type": "@id"
    },

aschrijver commented Aug 19, 2018

Whoa, you are right. Overlooked it in the doc. Thx! And I'll have to read the json-ld spec better for the schema thing.

aschrijver commented Aug 20, 2018

There seems to be an error in the example at https://web-payments.org/vocabs/security#publicKey where the included key text at publicKeyPem indicates the private key, not the public key.
