crypto/ecdsa: add methods to convert keys to crypto/ecdh format #56088
Comments
pedroalbanese
changed the title
ianlancetaylor
changed the title
ianlancetaylor
added
the
Proposal-Crypto
|
CC @golang/security |
|
doesn't this already exist https://pkg.go.dev/golang.org/x/crypto/curve25519#X25519 |
|
Hi, This already exists, but x509 library doesn't support it, so it's not possible to convert private keys to PEM format, more precisely the MarshalPKCS8PrivateKey package main
import (
"crypto/x509"
"encoding/pem"
"log"
)
func main() {
pKey := `-----BEGIN PRIVATE KEY-----
MCowBQYDK2VuAyEAfLLsWKkI/7EmTOkSf4fyHuRHDnKk6qNncWDzV8jlIUU=
-----END PRIVATE KEY-----`
block, _ := pem.Decode([]byte(pKey))
if block == nil || block.Type != "PRIVATE KEY" {
log.Fatal("failed to decode PEM block containing private key")
}
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
log.Println("Parse PKI Error:", err)
return
}
log.Println(key)
}
|
|
What are the API changes or implementation changes you are proposing in the x509 package? /cc @golang/security |
|
This proposal has been added to the active column of the proposals project |
(I don't understand if this question is for me) x509.MarshalPKCS8PrivateKey() and x509.ParsePKCS8PrivateKey(). I'm afraid the OID of algorithm need to be included. |
|
MarshalECPrivateKey is hardcoded to deal with crypto/ecdsa keys, and Curve25519 is not compatible with that package, or ever used with ECDSA. MarshalPKCS8PrivateKey and maybe MarshalPKIXPublicKey are more flexible. What we need to support a new key type is a discrete OID to tell the key apart, and a Go type to marshal/parse from/into. RFC 8410, Section 3 gives us dedicated OIDs for Curve25519 keys, and we now have crypto/ecdh.PrivateKey and PublicKey for X25519 keys, so this should be easily doable. Unfortunately, we can't do the same for crypto/ecdh keys based on NIST curves, because those use the same OIDs as the ECDSA keys on the same curves, regrettably. We could make MarshalPKCS8PrivateKey and MarshalPKIXPublicKey support crypto/ecdh keys, but then the Parse counterparts would produce crypto/ecdsa keys, instead of round-tripping cleanly. This was discussed in #52221 (comment). Maybe that's acceptable if crypto/ecdsa keys have methods to produce crypto/ecdh keys. Opinions? |
FiloSottile
changed the title
That seems like a reasonable path forward. Any objections to doing that? |
|
OK, it sounds like maybe there are no objections. ecdh does not import ecdsa, so we should be able to add methods in ecdsa. I guess it would be Do I have that right? |
rsc
changed the title
|
Based on the discussion above, this proposal seems like a likely accept. |
|
Change https://go.dev/cl/450815 mentions this issue: |
|
I ended up adding an error return, since crypto/ecdsa keys can be invalid and crypto/ecdh can't. |
This specifically doesn't add support for X25519 certificates. Refactored parsePublicKey not to depend on the public PublicKeyAlgorithm values, and ParseCertificate/ParseCertificateRequest to ignore keys that don't have a PublicKeyAlgorithm even if parsePublicKey supports them. Updates #56088 Change-Id: I2274deadfe9bb592e3547c0d4d48166de1006df0 Reviewed-on: https://go-review.googlesource.com/c/go/+/450815 Reviewed-by: Roland Shoemaker <[email protected]> Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Joedian Reid <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]>
|
Error returns makes sense to me. |
|
Change https://go.dev/cl/450816 mentions this issue: |
|
No change in consensus, so accepted. 🎉 |
rsc
changed the title
|
Thank You very much! |
Update, Nov 9 2022: Proposal is #56088 (comment)
Greetings!
I need Privacy-Enhanced Mail (PEM) support for Curve25519 private keys, more precisely X25519, like OpenSSL. Currently Go's standard libraries only support Ed25519 private keys, not Curve25519 for this task.
Thanks in Advance!
The text was updated successfully, but these errors were encountered: