Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ECDSA verification support #98

Merged
merged 2 commits into from
Aug 13, 2016
Merged

ECDSA verification support #98

merged 2 commits into from
Aug 13, 2016

Conversation

titanous
Copy link
Contributor

  • verify: Don't assume signature method, use key type

    It is unsafe to use the signature method field, as it could result in a key confusion attack. Use the key type instead.
    Also, don't assume that we're only working with Ed25519.

  • verify: Add support for ecdsa-sha2-p256 signatures

@titanous
verify: Don't assume signature method, use key type
9e8df3c 
It is unsafe to use the signature method field, as it could result
in a key confusion attack. Use the key type instead.

Also, don't assume that we're only working with Ed25519.

Signed-off-by: Jonathan Rudenberg <[email protected]>
@titanous
verify: Add support for ecdsa-sha2-p256 signatures
596db52 
Signed-off-by: Jonathan Rudenberg <[email protected]>
@titanous titanous changed the title Ecdsa ECDSA verification support Aug 12, 2016
lmars
lmars reviewed Aug 12, 2016
View reviewed changes
verify/verify_test.go
func (ecdsaSigner) Type() string {
return data.KeyTypeECDSA_SHA2_P256
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do these definitions belong in the test file?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah. This patch intentionally implements only verification in the exposed code. This is in preparation for supporting ECDSA signing keys via PKCS11 in external devices like the Yubikey and HSMs. If you can store keys locally, Ed25519 should be used. We're only adding support for ECDSA because the dedicated hardware devices do not support Ed25519.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gotcha.

@lmars
Copy link
Contributor

lmars commented Aug 12, 2016

LGTM

@titanous titanous merged commit 0b3fbb9 into master Aug 13, 2016
@titanous titanous deleted the ecdsa branch August 13, 2016 00:11
@titanous titanous mentioned this pull request Aug 25, 2016
Closed
@cce cce mentioned this pull request Oct 19, 2020
Closed
lebauce pushed a commit to lebauce/go-tuf that referenced this pull request Jul 26, 2021
@cce @lebauce
verify: Add rsassa-pss-sha256 verifier, based on RSAVerifier removed in
b51f4d6 
theupdateframework#96 and ECDSA support added in theupdateframework#98
lebauce pushed a commit to lebauce/go-tuf that referenced this pull request Jul 26, 2021
@cce @lebauce
verify: Add RSA verifier tests based on ECDSA verifier tests from the…
9edd5be 
…updateframework#98
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@titanous @lmars