New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pki: select appropriate hash algorithm for ecdsa signed certificates #11006
Comments
Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes hashicorp#11006
Hi, Do we have any update on this? My certificate is getting signed using ecdsa-with-SHA256 and I don't know how to set it to ecdsa-with-SHA384. The intermediate certificate that I have written to vault is using ecdsa-with-SHA384. I am using vault version 1.8.0. Thanks |
@HridoyRoy @hsimon-hashicorp How can we proceed with this issue? |
Hi @oncilla and @vikramchhibber - I am asking the engineering team for guidance on this issue. Thanks for your patience! |
Thanks @HridoyRoy @hsimon-hashicorp. We see that some changes related to this got merged recently Is it possible to have these changes in coming 1.9.x release? Regards |
That change allows to implement the correct behavior by explicitly setting the Furthermore, from a UX perspective, this is not very nice. If I create a CSR for a 384 bit ecdsa key, it should just use sha384 by default, as this is the only "reasonable" value in the first place. |
Thanks @oncilla. |
Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes hashicorp#11006
@vikramchhibber It looks like #11216 is finally progressing. 🤞 it will be part of a release soon. |
Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes hashicorp#11006
* certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes #11006
Hi @oncilla, I have merged the PR for your fix for this issue. I will make sure that the fix is included in the upcoming 1.9 release. I want to thank you for the great job you have done with this PR, it is very much appreciated. I'm aware that you have at least one more PR in review, I will be taking a look at it soon. |
* certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes #11006
Please note that this fix did not make it into Vault 1.9.0-rc1, but it will likely make it to Vault 1.9.0. |
* certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes #11006
…) (#13096) * certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes #11006 Co-authored-by: Dominik Roos <domi.roos@gmail.com>
…icorp#11216) * certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes hashicorp#11006
Is your feature request related to a problem? Please describe.
Currently, when issuing certificates, vault always sets the signature algorithm to
ECDSAWithSHA256
if an ecdsa key is used.The key length is not taken into consideration:
vault/sdk/helper/certutil/helpers.go
Lines 602 to 603 in 056dd26
vault/sdk/helper/certutil/helpers.go
Lines 622 to 623 in 056dd26
The BSI recommendations (section 4.2) are to use a hash size of the same length as the key size.
The Mozilla root store policy (section 5.1.2) even forbids
ECDSAWithSHA256
for a key of length 384.Describe the solution you'd like
Instead of setting the
SignatureAlgorithm
explicitly in the certificate template, vault should leave theSignatureAlgorithm
unspecified. Thex509
library will select the appropriate algorithm:https://github.com/golang/go/blob/37ca84a9cd6a8a76dfe91263a17d2b92b17a24b3/src/crypto/x509/x509.go#L2024-L2038
Alternatively, the
pki
engine could be extended to take the hash algorithm as input, similar to transitDescribe alternatives you've considered
N/A
Explain any additional use-cases
I would like to be able to issue certificates with a
p384
or ap521
key and use the appropriate hash algorithm.Additional context
BSI:
Mozilla:
The text was updated successfully, but these errors were encountered: