Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for Elliptic Curve keys #8

Closed
wants to merge 1 commit into from

Conversation

yonran
Copy link

@yonran yonran commented Jan 22, 2018

Hi. I wanted to add EC support to certbot because I was using lego and wanted to switch my account to certbot. But lego created an account signed using EC instead of RSA so my account was stuck. I would like guidance on what tests I should write and how to run pylint/pydoc.

@yonran yonran force-pushed the add-elliptic-curve-support branch from 6e88258 to b78ac9a Compare January 22, 2018 05:58
@bmw
Copy link
Member

bmw commented Jun 1, 2018

Hey @yonran. Sorry this has sat around so long.

I would largely base the tests on the tests for the RSA versions of the classes you're adding. You can find these in jwk_test.py and util_test.py.

As for how to run tests, you can install josepy and it's dependencies in a virtual environment by running commands like the following from the root of the repo:

virtualenv venv
source venv/bin/activate
pip install -e .[dev,tests]

After that, you can run tests with tox by running:

tox -e py27

You can replace 27 whichever Python version you want to test against as long as that version of Python is installed on your system.

@bmw bmw mentioned this pull request Jan 24, 2019
@jannispinter
Copy link
Contributor

I would love to see this and #45 implemented, as ES256 is a MUST requirement for ACME.

Quoting RFC 8555 Section 6.2 here:

An ACME server MUST implement the "ES256" signature algorithm
[RFC7518] and SHOULD implement the "EdDSA" signature algorithm using
the "Ed25519" variant (indicated by "crv") [RFC8037].

@bmw
Copy link
Member

bmw commented Jul 11, 2019

Indeed it is a MUST for an ACME server.

While the small Certbot team would also love to see this implemented, we probably won't be able to get to it for a little while. If you'd like to see it sooner, we'd accept well written PRs for these features.

@bmw bmw added the priority: unplanned Work that we believe should be done, but does not have a higher priority. label Mar 25, 2020
@bmw
Copy link
Member

bmw commented Feb 11, 2021

Now that #51 has landed, can this be closed?

cc @adferrand

@adferrand
Copy link
Collaborator

Indeed! This PR was in fact the base on which the actually merged PR has been constructed.

@adferrand adferrand closed this Feb 11, 2021
@James-E-A
Copy link

Just to confirm: this only added the SECP- keys, and not X25519?

@adferrand
Copy link
Collaborator

Exactly. A work is in progress to add the other elliptic curve keys: #98

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
priority: unplanned Work that we believe should be done, but does not have a higher priority.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants