Closed rmhrisk closed 3 years ago
Very nice. Does it support secp256k1 as well?
Yes.
@microshine can comment on if the whole chain can be in these curves or just the leaf.
That’s awesome. I will definitely try it out.
How did you generate the certificate above? I keep getting errors:
That was a cert I found on the internet that was supposedly created with OpenSSL..
You cert, at least according to the exception, has a ASN.1 encoding issue:
And I don't see why, though this cert has a lot of MSFT proprietary things; what issued it?
@microshine
@microshine looked at your certificate and it appears the certificate template extension is not formed correctly:
We expect the certificate template to be:
CertificateTemplateName ::= UTF8String
But yours is:
CertificateTemplateName ::= SEQUENCE {
Name UTF8String
}
Our current interpretation seems to match https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/3aec3e50-511a-42f9-a5d5-240af503e470
I just generated it using the pki.js complex cert example, and it seems to work in OpenSSL.
I'll generate another one using OpenSSL and try it, sb.
Ok, I generated another one using my library (which uses OpenSSL directly), and it seems to work fine.
link.
Can you point me to an example using pki.js programmatically creating an ec cert? Things seem to have changed a bit since I submitted a pull request, my old examples aren't working.
It is probably easier to create the certs using our higher-level library - https://github.com/PeculiarVentures/x509/
@TJKoury see example https://codesandbox.io/s/generate-cert-fjwfh
@microshine I did check that out. I'm still not able to generate a certificate with secp256k1, it does not seem to be supported here.
So it's able to read only, or is there something else I'm missing? Thanks for the help.
How did you generate the certificate above? I keep getting errors:
Error fixed. Please check again.
@TJKoury I'm working on it. I'll publish the new version of @peculiar/x509
in 30 minutes
Done. @TJKoury Please try https://codesandbox.io/s/generate-cert-fjwfh
@microshine You are a beast! Works like a charm.
@microshine In my quest to replace my library with this one, any easy method to import an EC private key and generate a public key from it? All the machinery is there in webcrypto, but the functionality does not seem to be exposed.
@TJKoury would be best to file an issue with this question in the X509 repo.
@rmhrisk It's not really a certificate issue, perhaps one of the other crypto repos? Basically this code here:
import elliptic from "elliptic";
const getPublicFromPrivateHex = (privateHex, curve = "secp256k1", compressed = true) => {
let ec = new elliptic.ec(curve);
let key = ec.keyFromPrivate(privateHex, "hex");
return key.getPublic(compressed, "hex");
};
Just want to keep this repo for things related to PKI.js
We can use Liner to get support for this algorithm