[xmlsec] ECDSA test key/files
Miklos Vajna
vmiklos at vmiklos.hu
Wed Feb 15 03:22:08 PST 2017
Hi,
I tried to look at supporting ECDSA in the nss backend. Here is a work
in progress code:
https://github.com/vmiklos/xmlsec/tree/nss-ecdsa-wip
(I'll send a pull request when it actually works.)
It currently fails as it seems the enveloping-sha512-ecdsa-sha512.xml
test file is using an EC key where the parameter is secp256k1, which is
not supported by NSS.
Here is a list of parameters supported by NSS:
http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12766.html
So based on that, perhaps I would start with secp256r1. Which leads to
the question I would like this ask:
How are the ecdsa-secp256k1 test keys are generated? I found no commands
regarding them in tests/keys/README.
If the documentation could be updated, then perhaps a way forward would
be adding ecdsa-secp256r1 testcases for openssl, and then I could
validate my NSS code by making sure the same tests pass for the NSS
backend as well.
Thanks,
Miklos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20170215/c2132556/attachment.sig>
More information about the xmlsec
mailing list