pki: select appropriate hash algorithm for ecdsa signed certificates #11006
Comments
Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes hashicorp#11006
|
Hi, Do we have any update on this? My certificate is getting signed using ecdsa-with-SHA256 and I don't know how to set it to ecdsa-with-SHA384. The intermediate certificate that I have written to vault is using ecdsa-with-SHA384. I am using vault version 1.8.0. Thanks |
|
@HridoyRoy @hsimon-hashicorp How can we proceed with this issue? |
|
Hi @oncilla and @vikramchhibber - I am asking the engineering team for guidance on this issue. Thanks for your patience! |
|
Thanks @HridoyRoy @hsimon-hashicorp. We see that some changes related to this got merged recently Is it possible to have these changes in coming 1.9.x release? Regards |
|
That change allows to implement the correct behavior by explicitly setting the Furthermore, from a UX perspective, this is not very nice. If I create a CSR for a 384 bit ecdsa key, it should just use sha384 by default, as this is the only "reasonable" value in the first place. |
|
Thanks @oncilla. |
Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes hashicorp#11006
|
@vikramchhibber It looks like #11216 is finally progressing. 🤞 it will be part of a release soon. |
Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes hashicorp#11006
* certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes #11006
|
Hi @oncilla, I have merged the PR for your fix for this issue. I will make sure that the fix is included in the upcoming 1.9 release. I want to thank you for the great job you have done with this PR, it is very much appreciated. I'm aware that you have at least one more PR in review, I will be taking a look at it soon. |
* certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes #11006
|
Please note that this fix did not make it into Vault 1.9.0-rc1, but it will likely make it to Vault 1.9.0. |
* certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes #11006
…) (#13096) * certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes #11006 Co-authored-by: Dominik Roos <domi.roos@gmail.com>
…icorp#11216) * certutil: select appropriate hash algorithm for ECDSA signature Select the appropriate signature algorithm for certificates signed with an ECDSA private key. The algorithm is selected based on the curve: - P-256 -> x509.ECDSAWithSHA256 - P-384 -> x509.ECDSAWithSHA384 - P-521 -> x509.ECDSAWithSHA512 - Other -> x509.ECDSAWithSHA256 fixes hashicorp#11006
Is your feature request related to a problem? Please describe.
Currently, when issuing certificates, vault always sets the signature algorithm to
ECDSAWithSHA256if an ecdsa key is used.The key length is not taken into consideration:
vault/sdk/helper/certutil/helpers.go
Lines 602 to 603 in 056dd26
vault/sdk/helper/certutil/helpers.go
Lines 622 to 623 in 056dd26
The BSI recommendations (section 4.2) are to use a hash size of the same length as the key size.
The Mozilla root store policy (section 5.1.2) even forbids
ECDSAWithSHA256for a key of length 384.Describe the solution you'd like
Instead of setting the
SignatureAlgorithmexplicitly in the certificate template, vault should leave theSignatureAlgorithmunspecified. Thex509library will select the appropriate algorithm:https://github.com/golang/go/blob/37ca84a9cd6a8a76dfe91263a17d2b92b17a24b3/src/crypto/x509/x509.go#L2024-L2038
Alternatively, the
pkiengine could be extended to take the hash algorithm as input, similar to transitDescribe alternatives you've considered
N/A
Explain any additional use-cases
I would like to be able to issue certificates with a
p384or ap521key and use the appropriate hash algorithm.Additional context
BSI:
Mozilla:
The text was updated successfully, but these errors were encountered: