Support reading ECDSA private keys in "openssl ecparam -genkey" output format #332

Closed
dfoxfranke opened this issue Jan 5, 2020 · 6 comments

@dfoxfranke

Running openssl ecparam -genkey -name prime256v1 gives output like this:

-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIMAE+BTzAWcOIlF3Ws/rwnGjR/edsqi8yRkDACA5I5qnoAoGCCqGSM49
AwEHoUQDQgAEx5fZWcozQkJM1RxdtZmYRsRCfRPPMZDgxUWcDqqUnIoWPgYpRCFf
s58AWKN3DoGigIC3lxXODamfN6mcZPBg2w==
-----END EC PRIVATE KEY-----

The contents of the -----BEGIN EC PRIVATE KEY----- block are defined in RFC 5915. The -----BEGIN EC PARAMETERS----- block just contains the OID of the curve and is redundant with the parameters field of the ECPrivateKey block.

It would be helpful if rustls exposed a function that can parse this. Right now the user has to convert it to PKCS#8 (via openssl pkcs8 -topk8 -nocrypt) before rustls can consume it.
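The layout described above, decoded by hand as an added example (not part of the original post, and not rustls or ring code): it reads the two PEM bodies from the sample output, walks the RFC 5915 ECPrivateKey DER, and shows that the OID in EC PARAMETERS is the same one carried in the [0] parameters field. The function names are this example's own, and the TLV reader assumes short-form DER lengths, which is all a P-256 key needs.

```rust
const PARAMS_B64: &str = "BggqhkjOPQMBBw=="; // PEM bodies copied from the issue's sample output
const KEY_B64: &str = "MHcCAQEEIMAE+BTzAWcOIlF3Ws/rwnGjR/edsqi8yRkDACA5I5qnoAoGCCqGSM49\
    AwEHoUQDQgAEx5fZWcozQkJM1RxdtZmYRsRCfRPPMZDgxUWcDqqUnIoWPgYpRCFf\
    s58AWKN3DoGigIC3lxXODamfN6mcZPBg2w==";

fn b64(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes().filter(|c| !c.is_ascii_whitespace() && *c != b'=') {
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); }
    }
    Some(out)
}

// One DER TLV with a short-form length: returns (tag, value, remaining bytes).
fn tlv(d: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, &len) = (d.get(0)?, d.get(1)?);
    if len >= 0x80 { return None; } // long form never occurs in a P-256 ECPrivateKey
    let end = 2 + len as usize;
    Some((tag, d.get(2..end)?, &d[end..]))
}

pub struct EcKey { pub curve_oid: Vec<u8>, pub private: Vec<u8>, pub public: Vec<u8> }
// RFC 5915: SEQUENCE { version INTEGER 1, privateKey OCTET STRING, [0] OID, [1] BIT STRING }
pub fn parse_ec_private_key(der: &[u8]) -> Option<EcKey> {
    let (t0, body, tail) = tlv(der)?;
    let (t1, ver, body) = tlv(body)?;
    let (t2, private, mut body) = tlv(body)?;
    if (t0, t1, t2) != (0x30, 0x02, 0x04) || ver != [1u8] || !tail.is_empty() { return None; }
    let (mut curve_oid, mut public) = (Vec::new(), Vec::new());
    while !body.is_empty() {
        let (t, inner, rest) = tlv(body)?;
        match (t, tlv(inner)?) {
            (0xa0, (0x06, v, [])) => curve_oid = v.to_vec(),
            (0xa1, (0x03, v, [])) => public = v.get(1..)?.to_vec(), // drop unused-bits octet
            _ => return None,
        }
        body = rest;
    }
    Some(EcKey { curve_oid, private: private.to_vec(), public })
}

fn main() {
    let key = parse_ec_private_key(&b64(KEY_B64).unwrap()).unwrap();
    let params = b64(PARAMS_B64).unwrap(); // bare OID TLV: 06 08 <8 bytes>
    println!("OID match: {}, scalar {} bytes, point {} bytes", params[2..] == key.curve_oid[..], key.private.len(), key.public.len());
}
```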

@ctz
Member

ctz commented Apr 18, 2020

This would need support in ring

@blaggacao

blaggacao commented Oct 12, 2020

I'm not familiar at all with rust, but looking at some examples, it looks as if a parsed ECDSA in principle would be supported?
https://github.com/ctz/rustls/blob/20a2c5811ad35c90de0737ad97e738037f6ca06f/rustls/src/server/mod.rs#L265-L269

Also:
https://github.com/ctz/rustls/blob/e3bb8b81cfc297554ed5bda2aa3740c7afb962c5/rustls/src/sign.rs#L134-L138

@briansmith
Contributor

> This would need support in ring

I am OK with adding support to ring to parse ECPrivateKey directly, without the PKCS#8 wrapper.

@adamchalmers

> > This would need support in ring
>
> I am OK with adding support to ring to parse ECPrivateKey directly, without the PKCS#8 wrapper.

@briansmith, thanks for offering to include this in Ring. Is there a Ring issue I can follow for this? I tried to find one and I couldn't, apologies if my issue-fu wasn't up to scratch.

@farcaller

The ring PR for this feature is briansmith/ring#1456.

@ctz
Member

ctz commented Feb 6, 2022

Please see discussion on #998 and #997

@ctz ctz closed this as completed Feb 6, 2022