Skip to content

Failure to create and verify ECDSA signatures #193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
aleksandrs-ledovskis opened this issue Feb 15, 2020 · 2 comments
Closed

Failure to create and verify ECDSA signatures #193

aleksandrs-ledovskis opened this issue Feb 15, 2020 · 2 comments
Milestone
0.10.5

Comments

@aleksandrs-ledovskis
Copy link

aleksandrs-ledovskis commented Feb 15, 2020
edited
Loading

Haven't tested it with other algorithms, but attempting to generate a Digest-type signature using secp256r1/P-256 (ECDSA) key using SHA-1 hashing algorithm

OpenSSL::PKey::EC.new(File.read('ecdsa.key')).sign(OpenSSL::Digest::SHA1.new, 'foobar')

fails with

OpenSSL::PKey::PKeyError: SHA1WITHEC Signature not available
    sign at org/jruby/ext/openssl/PKey.java:223

Cursory investigation brings me to Bouncy Castle, where SHA1WITHECDSA algo does exists.

I have cobbled up a hacky patch to pass ECDSA in around here when PKeyEC instance is in play. It does work (both sign/verify output proper values, cross checked with CRuby's OpenSSL), but am not sure about architectural validity of this approach.
@kares
Copy link
Member

kares commented Feb 18, 2020

Hey Aleks, that makes sense. The EC support wasn't completely polished.
But this part should return "ECDSA" ... as you already figured. Please fire up a PR.

@kares kares added this to the 0.10.5 milestone Mar 17, 2020
@eshanholtz eshanholtz mentioned this issue Jun 9, 2020
Merged
@kares kares closed this as completed in 25972fd Jun 11, 2020
@aleksandrs-ledovskis
Copy link
Author

@kares As the 25972fd commit only contains test but not an implementation, and causes some CI failures, I think this issue in itself isn't fully resolved?

kares added a commit that referenced this issue Jun 14, 2020
@kares
[fix] EC key sign/verify (#193)
817cfed
deivid-rodriguez pushed a commit to deivid-rodriguez/jruby-openssl that referenced this issue Sep 4, 2020
@kares @deivid-rodriguez
[test] EC key sign/verify works (closes jruby#193)
d8a6a61
deivid-rodriguez pushed a commit to deivid-rodriguez/jruby-openssl that referenced this issue Sep 4, 2020
@kares @deivid-rodriguez
[fix] EC key sign/verify (jruby#193)
f82188c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.10.5
Development

No branches or pull requests
2 participants
@kares @aleksandrs-ledovskis