Add ECDSA to spec #355
Comments
We implemented this in theupdateframework/go-tuf#98. Any thoughts before it gets rolled out into the wild?
We are generally open to supporting new key types. This looks good to me. I'll go ahead and revise the specification. The Python implementation will also be updated to support this key type.
PR to support ECDSA keys and signatures (in the reference implementation) submitted here: https://github.com/secure-systems-lab/ssl_crypto/pull/4 Note: crypto-related modules have been moved to a separate GitHub repository.
ECDSA has been added to the specification in #498 and implemented in secure-systems-lab/securesystemslib#18.
While I'd love to only use Ed25519 for everything, there is a lack of support in cryptographic smartcards/HSMs for Ed25519. Many devices do however support ECDSA, including the Yubikey 4.
I think the specification should include support for ECDSA keys and signatures. The most common will be the NIST P-256 curve signing SHA-256 hashes.
I propose the addition of a new key type and signature method: ecdsa-sha2-nistp256 (uses SHA-256 for hashing). This is used in OpenSSH and specified in RFC 5656. I don't think there is any need for signature algorithm agility here, so the key type and signature method would be the same for simplicity.
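The proposal above, sketched in Go as an added example (not code from this issue, go-tuf, or securesystemslib): a verifier that treats `ecdsa-sha2-nistp256` as a single fixed combination of key type, curve and hash, and rejects anything else. The function names, the PKIX DER public key encoding and the ASN.1 DER signature encoding are assumptions of this example, not taken from the specification.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// KeyType names both the key type and the signature method, as the issue proposes.
const KeyType = "ecdsa-sha2-nistp256"

// NewKey (hypothetical helper) returns a private key on curve c and its PKIX DER public key.
func NewKey(c elliptic.Curve) (*ecdsa.PrivateKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(c, rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, der, err
}

// Sign hashes msg with SHA-256 and returns an ASN.1 DER ECDSA signature.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify has no algorithm agility: the declared type must equal KeyType, and the
// key must be ECDSA on NIST P-256, before the SHA-256 digest is checked at all.
func Verify(keyType string, pubDER, msg, sig []byte) bool {
	parsed, err := x509.ParsePKIXPublicKey(pubDER)
	pub, ok := parsed.(*ecdsa.PublicKey)
	if keyType != KeyType || err != nil || !ok || pub.Curve != elliptic.P256() {
		return false
	}
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	priv, pubDER, _ := NewKey(elliptic.P256())
	msg := []byte(`{"_type":"root","version":1}`) // constructed sample payload
	sig, _ := Sign(priv, msg)
	fmt.Println("valid:", Verify(KeyType, pubDER, msg, sig))
	fmt.Println("tampered:", Verify(KeyType, pubDER, append(msg, ' '), sig))
}
```

Because the curve is checked on the parsed key rather than trusted from the declared type, a correctly signed P-384 key presented under this key type is still rejected.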