
PrivateKeyParser doesn't support ed448, XDH and RSA-PSS keys #37237

Closed
mhalbritter opened this issue Sep 7, 2023 · 4 comments
Assignees
Labels
type: bug A general bug
Milestone

Comments

@mhalbritter
Contributor

mhalbritter commented Sep 7, 2023

Here's such an ed448 key:

-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOSSF8O0uKk5pRrjUNV+QgonwO+WeDRb/i1U7vM+TLzh7
jAV58E6oglA53konKxGv+GC38dCb72gSeQ==
-----END PRIVATE KEY-----

(it has been generated with openssl genpkey -algorithm ed448 -out ed448.key and then converted to PKCS#8 with openssl pkcs8 -topk8 -in ed448.key -nocrypt -out ed448_2.key).

I guess the only change needed is to include Ed448 in these lines:

parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs8, "RSA", "EC", "DSA", "Ed25519"));

parsers.add(new PemParser(PKCS8_ENCRYPTED_HEADER, PKCS8_ENCRYPTED_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs8Encrypted, "RSA", "EC", "DSA", "Ed25519"));

and add tests for it.

@mhalbritter mhalbritter added the type: bug A general bug label Sep 7, 2023
@mhalbritter mhalbritter added this to the 2.7.x milestone Sep 7, 2023
@philwebb
Member

philwebb commented Sep 7, 2023

Now that we have a DerElement class I wonder if we can decode the PrivateKeyInfo and get the algorithm directly?

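The approach philwebb floats above (decode the PrivateKeyInfo and read the algorithm out of it, instead of trying the fixed name list "RSA", "EC", "DSA", "Ed25519" in turn) looks like this in plain JCA. This is an added example, not Spring Boot's PemPrivateKeyParser or its DerElement class: it walks only the outer SEQUENCE, version INTEGER and AlgorithmIdentifier of an unencrypted PKCS#8 body, maps the algorithm OID to a JCA KeyFactory name (the table includes the Ed448, X25519/X448 and RSASSA-PSS entries this issue is about) and fails closed on anything it does not know. The class and method names are hypothetical; the sample key is the ed448 key posted in the issue.

```java
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Map;

public class Pkcs8AlgorithmSniffer {

    // Sample input: the unencrypted PKCS#8 ed448 key from this issue.
    static final String ED448_PEM = """
            -----BEGIN PRIVATE KEY-----
            MEcCAQAwBQYDK2VxBDsEOSSF8O0uKk5pRrjUNV+QgonwO+WeDRb/i1U7vM+TLzh7
            jAV58E6oglA53konKxGv+GC38dCb72gSeQ==
            -----END PRIVATE KEY-----
            """;

    // privateKeyAlgorithm OIDs seen in PrivateKeyInfo, mapped to the JCA KeyFactory name (Java 17).
    static final Map<String, String> OID_TO_JCA = Map.of(
            "1.2.840.113549.1.1.1", "RSA",
            "1.2.840.113549.1.1.10", "RSASSA-PSS",
            "1.2.840.10045.2.1", "EC",
            "1.2.840.10040.4.1", "DSA",
            "1.3.101.112", "Ed25519",
            "1.3.101.113", "Ed448",
            "1.3.101.110", "X25519",
            "1.3.101.111", "X448");

    // Strip the PEM armour and base64-decode the body.
    static byte[] pemToDer(String pem) {
        StringBuilder b64 = new StringBuilder();
        for (String line : pem.split("\\R")) {
            line = line.trim();
            if (line.isEmpty() || line.startsWith("-----")) continue;
            b64.append(line);
        }
        return Base64.getDecoder().decode(b64.toString());
    }

    // Minimal DER cursor: enough to walk SEQUENCE / INTEGER / OBJECT IDENTIFIER headers.
    static final class Der {
        final byte[] buf;
        int pos;
        Der(byte[] buf) { this.buf = buf; }

        int readLength() {
            int first = buf[pos++] & 0xff;
            if (first < 0x80) return first;              // short form
            int n = first & 0x7f;                         // long form: n length octets follow
            if (n == 0 || n > 4) throw new IllegalArgumentException("unsupported DER length");
            int len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (buf[pos++] & 0xff);
            return len;
        }

        void expect(int tag) {
            int t = buf[pos++] & 0xff;
            if (t != tag) throw new IllegalArgumentException(
                    String.format("expected tag 0x%02x, got 0x%02x at offset %d", tag, t, pos - 1));
        }
    }

    // Decode the dotted OID from the content octets of an OBJECT IDENTIFIER (base-128 arcs).
    static String decodeOid(byte[] buf, int off, int len) {
        StringBuilder sb = new StringBuilder();
        long value = 0;
        boolean first = true;
        for (int i = off; i < off + len; i++) {
            int b = buf[i] & 0xff;
            value = (value << 7) | (b & 0x7f);
            if ((b & 0x80) == 0) {                        // last octet of this arc
                if (first) {                              // first two arcs are packed as 40*X + Y
                    long x = Math.min(value / 40, 2);
                    sb.append(x).append('.').append(value - 40 * x);
                    first = false;
                } else {
                    sb.append('.').append(value);
                }
                value = 0;
            }
        }
        return sb.toString();
    }

    // PrivateKeyInfo ::= SEQUENCE { version INTEGER, privateKeyAlgorithm AlgorithmIdentifier, ... }
    // AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY OPTIONAL }
    static String privateKeyAlgorithmOid(byte[] der) {
        Der d = new Der(der);
        d.expect(0x30); d.readLength();                   // PrivateKeyInfo
        d.expect(0x02); d.pos += d.readLength();          // skip version
        d.expect(0x30); d.readLength();                   // AlgorithmIdentifier
        d.expect(0x06);                                   // algorithm OID
        int len = d.readLength();
        return decodeOid(der, d.pos, len);
    }

    // Pick the KeyFactory from the OID; unknown OIDs are rejected rather than guessed at.
    static PrivateKey parse(String pem) throws Exception {
        byte[] der = pemToDer(pem);
        String oid = privateKeyAlgorithmOid(der);
        String jca = OID_TO_JCA.get(oid);
        if (jca == null) throw new IllegalArgumentException("unsupported private key algorithm OID " + oid);
        return KeyFactory.getInstance(jca).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        PrivateKey key = parse(ED448_PEM);
        System.out.println(key.getAlgorithm() + " / " + key.getFormat());
    }
}
```

For the key in this issue the OID bytes are 2b 65 71, i.e. 1.3.101.113 (Ed448), so the Ed448 KeyFactory is selected without any trial-and-error. Encrypted PKCS#8 (BEGIN ENCRYPTED PRIVATE KEY) is a different structure, EncryptedPrivateKeyInfo, whose AlgorithmIdentifier names the PBE scheme, not the key type, so the same sniffing only applies after decryption.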
@mhalbritter mhalbritter self-assigned this Sep 15, 2023
@mhalbritter mhalbritter changed the title PemPrivateKeyParser doesn't support ed448 keys PemPrivateKeyParser doesn't support ed448 and XDH keys Sep 15, 2023
@mhalbritter
Contributor Author

Java 17 has added EdDSA and XDH support.

On Java 17, we can support Ed448 and Ed25519 even in Boot 2.7.x.

XDH support is completely missing. We can support X448 and X25519 in Boot 2.7.x and up on Java 17.

@mhalbritter
Contributor Author

There's also RSA-PSS, which we don't support.

@mhalbritter mhalbritter changed the title PemPrivateKeyParser doesn't support ed448 and XDH keys PemPrivateKeyParser doesn't support ed448, XDH and RSA-PSS keys Sep 15, 2023
@mhalbritter mhalbritter changed the title PemPrivateKeyParser doesn't support ed448, XDH and RSA-PSS keys PrivateKeyParser doesn't support ed448, XDH and RSA-PSS keys Sep 15, 2023
@mhalbritter mhalbritter modified the milestones: 2.7.x, 2.7.16 Sep 15, 2023
@mhalbritter
Contributor Author

mhalbritter commented Sep 15, 2023

I've added support for XDH (Java 17+), EdDSA (Java 17+) and RSA-PSS. And I've improved the tests.

I've not implemented it on top of the DerElement, but I'll create an issue for this: #37426
