micromdm / scep

Go SCEP server
MIT License
310 stars, 121 forks

support SM2 ? #226

Open Nu1i opened 5 months ago

Nu1i commented 5 months ago

Will scep support SM2?

jessepeterson commented 2 months ago

Sorry, what is sm2?

Nu1i commented 2 months ago

> Sorry, what is sm2?

SM2 is an asymmetric encryption algorithm recognized by the National Cryptography Administration of China and is a type of ECC. https://zh.wikipedia.org/zh-hans/SM2

jessepeterson commented 2 months ago

@Nu1i hmm. That seems tough. Where would you need the support? Like, issuing these certs? Or using them in the CMS/PKCS#7 exchanges? SM2/SM9 doesn't seem to be supported in the native Go stdlib, which makes it unlikely to be supported in these projects. But I'd defer to more knowledgeable folks like @hslatman.

hslatman commented 2 months ago

If the (third-party) SM2 implementation adheres to the interfaces provided by crypto, then the PKCS7 layer can likely be made to work to a certain extent. But I think issuing a certificate for an SM2 key won't (currently) work, as that currently only works for RSA keys, with messages encrypted to the public key. SCEP can work with ECDSA keys (and presumably also other EC keys, such as SM2), but encryption then happens against the challenge password. This functionality is currently not supported in the scep package.

I don't have experience with SM2 in practice, so I can't tell if there's more to it. I did find out that https://github.com/xipki/xipki does seem to support it, though, so maybe that provides some insights. Might be limited to other protocols, and not SCEP, though.
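The split hslatman describes (RSA recipients get the content-encryption key encrypted to their public key; ECDSA or other EC recipients such as SM2 cannot, so the key is protected with the challenge password) is shown below as an added example. This is not code from the scep project or from anyone in the thread, and it produces no CMS/PKCS#7 ASN.1: `wrappedCEK`, the mode strings, the hand-rolled single-block PBKDF2, the 100000 iteration count, AES-GCM in place of the RFC 3211 key-wrap, and the constructed CEK and challenge password are all assumptions made for illustration. The dispatch treats "anything that is not an `*rsa.PublicKey`" as the password-recipient case, which is how a third-party SM2 key type that only implements the `crypto` signing interfaces would fall through.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// The two CMS RecipientInfo choices the thread contrasts (names are assumptions).
const modeKeyTransport = "rsa-key-transport" // KeyTransRecipientInfo: CEK encrypted to the RSA public key
const modePassword = "password-recipient"    // PasswordRecipientInfo: CEK wrapped under a key derived from the challenge

// wrappedCEK stands in for one RecipientInfo; Salt and Nonce are set in password mode only.
type wrappedCEK struct {
	Mode                 string
	Salt, Nonce, Wrapped []byte
}

// pbkdf2One is PBKDF2-HMAC-SHA256 (RFC 8018) limited to one 32-byte output block (enough
// for an AES-256 key-encryption key), hand-rolled so the example stays stdlib-only.
func pbkdf2One(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): index of the first (and only) block
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for n := 1; n < iter; n++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for i := range t {
			t[i] ^= u[i]
		}
	}
	return t
}

// kekAEAD derives the key-encryption key from the challenge password. AES-GCM stands in
// for the RFC 3211 key-wrap algorithm, and 100000 iterations is an assumed value.
func kekAEAD(challenge, salt []byte) cipher.AEAD {
	block, _ := aes.NewCipher(pbkdf2One(challenge, salt, 100_000)) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)                                  // AES block size is 16: cannot fail
	return aead
}

// wrapCEK: an RSA recipient gets key transport; any other key type (ECDSA, or a third-party
// EC type such as SM2) has no key-transport operation, so the CEK is protected with the
// challenge password instead and the recipient's key is not used at all.
func wrapCEK(cek []byte, recipient crypto.PublicKey, challenge []byte) (*wrappedCEK, error) {
	if pub, ok := recipient.(*rsa.PublicKey); ok {
		ct, err := rsa.EncryptPKCS1v15(rand.Reader, pub, cek)
		return &wrappedCEK{Mode: modeKeyTransport, Wrapped: ct}, err
	}
	if len(challenge) == 0 {
		return nil, fmt.Errorf("recipient %T: no key transport available and no challenge password", recipient)
	}
	buf := make([]byte, 16+12) // salt || GCM nonce, fresh per message
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	salt, nonce := buf[:16], buf[16:]
	return &wrappedCEK{Mode: modePassword, Salt: salt, Nonce: nonce, Wrapped: kekAEAD(challenge, salt).Seal(nil, nonce, cek, nil)}, nil
}

// unwrapCEK is the client side: key transport needs a private key implementing crypto.Decrypter
// (RSA does); password mode needs only the challenge, and a wrong one fails the GCM tag check.
func unwrapCEK(w *wrappedCEK, priv crypto.PrivateKey, challenge []byte) ([]byte, error) {
	if w.Mode == modeKeyTransport {
		d, ok := priv.(crypto.Decrypter)
		if !ok {
			return nil, fmt.Errorf("key transport needs a crypto.Decrypter private key, got %T", priv)
		}
		return d.Decrypt(rand.Reader, w.Wrapped, nil) // nil opts selects PKCS#1 v1.5 for RSA keys
	}
	return kekAEAD(challenge, w.Salt).Open(nil, w.Nonce, w.Wrapped, nil)
}

// roundTrip generates an RSA or P-256 client key, wraps a constructed CEK for it with wrapPw,
// opens it with openPw, and reports the mode used and whether the CEK came back intact.
func roundTrip(useRSA bool, wrapPw, openPw []byte) (string, bool, error) {
	var priv crypto.Signer
	var err error
	if useRSA {
		priv, err = rsa.GenerateKey(rand.Reader, 2048)
	} else {
		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	}
	if err != nil {
		return "", false, err
	}
	cek := []byte("constructed-32-byte-content-key!") // a real CEK is freshly random
	w, err := wrapCEK(cek, priv.Public(), wrapPw)
	if err != nil {
		return "", false, err
	}
	got, err := unwrapCEK(w, priv, openPw)
	return w.Mode, err == nil && string(got) == string(cek), err
}

func main() {
	pw := []byte("constructed-challenge")
	fmt.Println(roundTrip(true, nil, nil))             // rsa-key-transport true <nil>
	fmt.Println(roundTrip(false, pw, pw))              // password-recipient true <nil>
	fmt.Println(roundTrip(false, pw, []byte("wrong"))) // password-recipient false + GCM auth error
	fmt.Println(roundTrip(false, nil, nil))            // EC key and no challenge: wrapCEK refuses
}
```

The point the last two cases make is the one from the comment above: with an EC recipient the private key never takes part in recovering the CEK, so the only secret protecting the enveloped data is the challenge password, and without one there is nothing to encrypt against.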