TJKoury
commented
3 years ago I finally released that side project here that enables ed25519 certs.
Closed rmhrisk closed 3 years ago
rmhrisk
commented
3 years ago TJKoury
commented
3 years ago Very nice. Does it support secp256k1 as well?
rmhrisk
commented
3 years ago Yes.
@microshine can comment on if the whole chain can be in these curves or just the leaf.
TJKoury
commented
3 years ago That’s awesome. I will definitely try it out.
TJKoury
commented
3 years ago How did you generate the certificate above? I keep getting errors:
rmhrisk
commented
3 years ago That was a cert I found on the internet that was supposedly created with OpenSSL..
You cert, at least according to the exception, has a ASN.1 encoding issue:
And I don't see why, though this cert has a lot of MSFT proprietary things; what issued it?
@microshine
rmhrisk
commented
3 years ago @microshine looked at your certificate and it appears the certificate template extension is not formed correctly:
We expect the certificate template to be:
CertificateTemplateName ::= UTF8StringBut yours is:
CertificateTemplateName ::= SEQUENCE {
Name UTF8String
}Our current interpretation seems to match https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/3aec3e50-511a-42f9-a5d5-240af503e470
TJKoury
commented
3 years ago I just generated it using the pki.js complex cert example, and it seems to work in OpenSSL.
I'll generate another one using OpenSSL and try it, sb.
TJKoury
commented
3 years ago Ok, I generated another one using my library (which uses OpenSSL directly), and it seems to work fine.
link.
Can you point me to an example using pki.js programmatically creating an ec cert? Things seem to have changed a bit since I submitted a pull request, my old examples aren't working.
rmhrisk
commented
3 years ago It is probably easier to create the certs using our higher-level library - https://github.com/PeculiarVentures/x509/
microshine
commented
3 years ago @TJKoury see example https://codesandbox.io/s/generate-cert-fjwfh
TJKoury
commented
3 years ago @microshine I did check that out. I'm still not able to generate a certificate with secp256k1, it does not seem to be supported here.
So it's able to read only, or is there something else I'm missing? Thanks for the help.
donskov
commented
3 years ago How did you generate the certificate above? I keep getting errors:
Error fixed. Please check again.
microshine
commented
3 years ago @TJKoury I'm working on it. I'll publish the new version of @peculiar/x509 in 30 minutes
microshine
commented
3 years ago Done. @TJKoury Please try https://codesandbox.io/s/generate-cert-fjwfh
TJKoury
commented
3 years ago @microshine You are a beast! Works like a charm.
TJKoury
commented
3 years ago @microshine In my quest to replace my library with this one, any easy method to import an EC private key and generate a public key from it? All the machinery is there in webcrypto, but the functionality does not seem to be exposed.
rmhrisk
commented
3 years ago @TJKoury would be best to file an issue with this question in the X509 repo.
TJKoury
commented
3 years ago @rmhrisk It's not really a certificate issue, perhaps one of the other crypto repos? Basically this code here:
import elliptic from "elliptic";
const getPublicFromPrivateHex = (privateHex, curve = "secp256k1", compressed = true) => {
let ec = new elliptic.ec(curve);
let key = ec.keyFromPrivate(privateHex, "hex");
return key.getPublic(compressed, "hex");
};Just want to keep this repo for things related to PKI.js
We can use Liner to get support for this algorithm