mirror of
https://github.com/moepman/acertmgr.git
synced 2024-12-27 11:51:50 +01:00
tools: Add support for Ed25519 and Ed448 account keys
Add support for Ed25519 and Ed448 account keys in addition to already supported algorithms
This commit is contained in:
parent
88d4a52ab9
commit
4f0fe2c74a
@ -21,7 +21,8 @@ Optional packages (required to use specified features)
|
||||
* dnspython: used by dns.* challenge handlers
|
||||
* idna: to allow automatic conversion of unicode domain names to their IDNA2008 counterparts
|
||||
* cryptography>=2.1: for creating certificates with the OCSP must-staple flag (cert_must_staple)
|
||||
|
||||
* cryptography>=2.6: for usage of (pre-created) Ed25519 keys
|
||||
|
||||
Setup
|
||||
-----
|
||||
|
||||
|
@ -21,6 +21,11 @@ from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
|
||||
from cryptography.utils import int_to_bytes
|
||||
from cryptography.x509.oid import NameOID, ExtensionOID
|
||||
|
||||
try:
|
||||
from cryptography.hazmat.primitives.asymmetric import ed25519, ed448
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
try:
|
||||
from urllib.request import urlopen, Request # Python 3
|
||||
except ImportError:
|
||||
@ -260,6 +265,19 @@ def get_key_alg_and_jwk(key):
|
||||
return alg, {"kty": "EC", "crv": crv,
|
||||
"x": bytes_to_base64url(int_to_bytes(numbers.x, full_octets)),
|
||||
"y": bytes_to_base64url(int_to_bytes(numbers.y, full_octets))}
|
||||
elif "cryptography.hazmat.primitives.asymmetric.ed25519" in sys.modules and isinstance(key,
|
||||
ed25519.Ed25519PrivateKey):
|
||||
# See https://tools.ietf.org/html/rfc8037#appendix-A.2
|
||||
return "EdDSA", {"kty": "OKP", "crv": "Ed25519",
|
||||
"x": bytes_to_base64url(key.public_key().public_bytes(encoding=serialization.Encoding.Raw,
|
||||
format=serialization.PublicFormat.Raw)
|
||||
)}
|
||||
elif "cryptography.hazmat.primitives.asymmetric.ed448" in sys.modules and isinstance(key,
|
||||
ed448.Ed448PrivateKey):
|
||||
return "EdDSA", {"kty": "OKP", "crv": "Ed448",
|
||||
"x": bytes_to_base64url(key.public_key().public_bytes(encoding=serialization.Encoding.Raw,
|
||||
format=serialization.PublicFormat.Raw)
|
||||
)}
|
||||
else:
|
||||
raise ValueError("Unsupported key: {}".format(key))
|
||||
|
||||
@ -283,6 +301,8 @@ def signature_of_str(key, string):
|
||||
# convert DER signature to RAW format (https://tools.ietf.org/html/rfc7518#section-3.4)
|
||||
r, s = decode_dss_signature(der_sig)
|
||||
return int_to_bytes(r, full_octets) + int_to_bytes(s, full_octets)
|
||||
elif alg == 'EdDSA':
|
||||
return key.sign(data)
|
||||
else:
|
||||
raise ValueError("Unsupported signature algorithm: {}".format(alg))
|
||||
|
||||
|
@ -11,6 +11,7 @@ optdepends=('python-yaml: Support config files in YAML format'
|
||||
'python-idna: Support conversion of unicode domains'
|
||||
'python-dnspython: Support for dns challenge handlers'
|
||||
'python-cryptography>=2.1: Support for the OCSP must-staple flag'
|
||||
'python-cryptography>=2.6: Support for Ed25519 key support'
|
||||
)
|
||||
makedepends=('git')
|
||||
conflicts=('python-acertmgr')
|
||||
|
@ -11,6 +11,7 @@ optdepends=('python2-yaml: Support config files in YAML format'
|
||||
'python2-idna: Support conversion of unicode domains'
|
||||
'python2-dnspython: Support for dns challenge handlers'
|
||||
'python2-cryptography>=2.1: Support for the OCSP must-staple flag'
|
||||
'python2-cryptography>=2.6: Support for Ed25519 key support'
|
||||
)
|
||||
makedepends=('git')
|
||||
conflicts=('python-acertmgr')
|
||||
|
Loading…
Reference in New Issue
Block a user