Closed harmin-parra closed 2 years ago
There is not currently a plan, see https://github.com/pyca/cryptography/issues/5659 for a discussion of this. If you have a concrete use case where they are required, please leave a comment there.
Many passports chips (eMRTD) are using ECDSA with explicit parameters in their Security Data Object certificate. This is a digitally signed file to check authenticity and integrity of all the content read from the passport chip.
Same here. I'm using Securosys HSM and it returns keys with explicit parameters. Right now I'm forced to use the ecdsa package to parse it. An example of a public key that cryptography fails to load now:
MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////////////////////////////////////v///C8wRAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP////////////////////66rtzmr0igO7/SXozQNkFBAgEBA0IABLkt+LwezHbg3He19gF9Nh2IPqkyTtWV9YFGNGm5nOM9+yyejmQyIWy2zmb+J5EARlNcN721iBQB3yWzrM15NJA=
@ods thanks for the report -- have you contacted your HSM vendor to ask whether they have plans to use the named value rather than explicit? The values encoded in your example appear to be secp256k1. We're tracking this more generically in #5659, but any workaround we may choose to expose (especially around explicit encodings for named curves) is intended to be temporary and contingent on users contacting their vendors to help correct the undesirable encoding.
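To tell which encoding a key uses before handing it to a loader, the parameters field of the SubjectPublicKeyInfo can be inspected directly. The following is an added example, not code from this thread or from pyca/cryptography: it walks the DER and reports named versus explicit parameters. The helper names are hypothetical, and the samples are constructed (explicit parameters cut off after the field ID, zero placeholder for the public point).

```python
# Added example: hypothetical helper names, constructed sample keys.
EC_PUBKEY_OID = bytes.fromhex("2a8648ce3d0201")    # id-ecPublicKey
PRIME_FIELD_OID = bytes.fromhex("2a8648ce3d0101")  # prime-field
SECP256K1_OID = bytes.fromhex("2b8104000a")        # 1.3.132.0.10
SECP256K1_P = 2**256 - 2**32 - 977                 # secp256k1 field prime

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def ec_params_encoding(spki):
    """Return ("named", curve_oid) or ("explicit", field_prime)."""
    _, body, _ = read_tlv(spki)             # SubjectPublicKeyInfo
    _, alg, _ = read_tlv(body)              # AlgorithmIdentifier
    tag, oid, pos = read_tlv(alg)
    if tag != 0x06 or oid != EC_PUBKEY_OID:
        raise ValueError("not an EC public key")
    tag, params, _ = read_tlv(alg, pos)     # ECParameters CHOICE
    if tag == 0x06:                         # OID: named curve
        return "named", params
    if tag != 0x30:                         # anything but a SEQUENCE
        raise ValueError("implicitCurve or unexpected ECParameters")
    _, _, pos = read_tlv(params)            # version
    _, field_id, _ = read_tlv(params, pos)  # FieldID
    _, field_type, pos = read_tlv(field_id)
    if field_type != PRIME_FIELD_OID:
        raise ValueError("not a prime field")
    _, prime, _ = read_tlv(field_id, pos)
    return "explicit", int.from_bytes(prime, "big")

def tlv(tag, value):  # DER encoder, used only to build the constructed samples
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + value

def sample_spki(params):  # constructed SPKI; public point is a zero placeholder
    alg = tlv(0x30, tlv(0x06, EC_PUBKEY_OID) + params)
    return tlv(0x30, alg + tlv(0x03, b"\x00\x04" + bytes(64)))

P_INT = tlv(0x02, b"\x00" + SECP256K1_P.to_bytes(32, "big"))
EXPLICIT = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30, tlv(0x06, PRIME_FIELD_OID) + P_INT))
```

A matching field prime is only a first hint: establishing that explicit parameters describe a named curve also requires comparing the coefficients, base point, order and cofactor.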
Hello
Are there any plans to support ECDSA keys with explicit parameters?
I get this error
ValueError: ECDSA keys with explicit parameters are unsupported at this time
when trying to parse an ECDSA private key
Here is the piece of code