Closed harmin-parra closed 2 years ago
alex
commented
2 years ago There is not currently a plan, see https://github.com/pyca/cryptography/issues/5659 for a discussion of this. If you have a concrete use case where they are required, please leave a comment there.
antonio-fr
commented
2 years ago Many passports chips (eMRTD) are using ECDSA with explicit parameters in their Security Data Object certificate. This is a digitally signed file to check authenticity and integrity of all the content read from the passport chip.
ods
commented
1 year ago Same here. I'm using Securosys HSM and it returns keys with explicit parameters. Right now I'm forced to use ecdsa package to parse it. An example of public key that cryptography fails to load now:
MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////////////////////////////////////v///C8wRAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP////////////////////66rtzmr0igO7/SXozQNkFBAgEBA0IABLkt+LwezHbg3He19gF9Nh2IPqkyTtWV9YFGNGm5nOM9+yyejmQyIWy2zmb+J5EARlNcN721iBQB3yWzrM15NJA=
reaperhulk
commented
1 year ago @ods thanks for the report -- have you contacted your HSM vendor to ask whether they have plans to use the named value rather than explicit? The values encoded in your example appear to be secp256k1. We're tracking this more generically in #5659, but any workaround we may choose to expose (especially around explicit encodings for named curves) is intended to be temporary and contingent on users contacting their vendors to help correct the undesirable encoding.
Hello
Are there any plans to support ECDSA keys with explicit parameters ?
I get this error
ValueError: ECDSA keys with explicit parameters are unsupported at this timewhen trying to parse a ECDSA private key
Here is the piece of code