NIST curve P-521 SHA-512 support for generating keys and signing #824
Comments
|
@est31 Which software uses p521 SHA-512? |
I just wanted it for completion. If you don't feel there is a need, feel free to close this. Openssl supports p521 but it seems to sign using SHA-256. E.g. |
|
I would also like this feature, I'm trying to implement a software which is built on p521 SHA-512 and would like to use ring as a crypto library. This is a feature that |
|
I would be interested in donating to help get this feature implemented. I went ahead and sent you an email @briansmith. |
|
SSH keys can be |
|
|
|
P-521 is used in JOSE, COSE, as well as supported in Web Cryptography API. Developers may choose to use this curve in a variety of applications for quite some time now. |
|
It also gets used in Terraform plugin handshake validation which admittedly, are mostly in Go, but I ran into issues recently building one in Rust because of this lack. |
|
I think P-521 is also important from the post-quantum perspective. |
Note that P-521 (and all the other standard ECDSA curves) are not quantum resistant. Quantum-resistance will require a completely different signing algorithm (not ECDSA or EdDSA). See https://csrc.nist.gov/projects/post-quantum-cryptography for more information. |
|
FWIW, When I asked "Which software uses p521 SHA-512?," what I meant was "What software requires you to implement P-521, given that P-256 and P-384 are already available to you?" Of course I know of all the standards that provide ways to use P-521, but I don't know of any popular software that has a P-521-only configuration. Regardless, I am more open to supporting P-521 (and P-521 SHA-512 signature algorithms) than I was in the past. Just, I'm surprised so many people care about it. I would expect to find a lot more X448-only software than P-521-only-software. |
|
Any news on this? |
As near as we can tell, this software only has support for P-521. https://cert-manager.io/docs/projects/csi-driver-spiffe/ |
|
I have another use case as well. |
|
@nazure could you attach a copy of the root cert here? I'd be interested. |
Yup, sure. Thanks for looking at this. |
|
@nazure interesting, indeed it seems to use |
|
I could look into implementing this if @briansmith is ok with it |
|
For anyone curious, it looks like Vlad did nearly complete this - #1631 |
|
Yes, I will help Vlad with this. |
briansmith
changed the title
briansmith
changed the title
|
To clarify the above: Vlad's work in PR #1631 will add P-521 signature verification support, whereas this issue is for the (private) keypair generation, keypair parsing, and signature generation. That is, Vlad is working on the public key operations, whereas this issue is about the private key operations, i.e. ones that would be needed by rcgen. I filed issue issue #1771 to track the work that's blocking the signature verification work. In terms of supporting the private key operations tracked by this issue, I think we're going to block this on #1771 being completed. |
I'd like to have support for
ECDSA_P521_SHA512_ASN1_SIGNINGsigning, DER export and key generation as there already is support forECDSA_P256_SHA256_ASN1_SIGNINGorECDSA_P384_SHA384_ASN1_SIGNING.See also: https://tools.ietf.org/html/rfc5480#section-4 for a list of possible combinations.
The text was updated successfully, but these errors were encountered: