Add support for parsing ASN.1 ECDSA key pairs without the PKCS#8 metadata. #1456
Conversation
farcaller
force-pushed
the
ec-private-key
branch
from
ec49534
to
8f0598f
Compare
farcaller
force-pushed
the
ec-private-key
branch
from
a9ccd8d
to
d4e80c0
Compare
|
Tentative ping. |
|
@briansmith Would you be open to this feature if it were rebased on main? We have a bit of a hack upstream in rustls patching over this and it might be nice to drop it one day. |
briansmith
changed the title
|
@cpu Yes, I would. Would you do RSA and EdDSA too? |
|
I don’t mind adding the others too. Let me see if I remember how it works, was a while since I touched this code. |
|
Great thank you both. Happy to support as appropriate. |
Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>
…are already covered by the pkcs#8 test. Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>
farcaller
force-pushed
the
ec-private-key
branch
from
d4e80c0
to
2ee2344
Compare
|
@briansmith do you know any good producers of RSA keys? I thought ssh ones would fit but they are actually in a different format. |
|
|
Sorry, I was out of free cycles the previous week to follow up on this. @briansmith do you mind those two being decoupled, given how rebase was pretty smooth? I think the ec keys can go forward straight on and unblock rustls, and I'll work on the RSA keys in a separate PR then. |
|
@farcaller I looked more into how Rustls is using the existing APIs. I think we should "just" refactor the ring PKCS#8 API so that it works more like what Rustls needs, to avoid Rustls needing to jump through hoops. Please see #1889. |
This adds support for EC PRIVATE KEY, i.e. non pkcs8-wrapped keys.