ed25519: implement SignatureBitStringEncoding support #889

Merged: tarcieri merged 1 commit into RustCrypto:master from baloo:baloo/ed25519/signature-encoding on Jan 23, 2025
@baloo baloo commented Jan 22, 2025

@baloo baloo marked this pull request as draft January 22, 2025 18:15

baloo commented Jan 22, 2025

Putting that in draft for now, I didn't check whether that was enough to generate an x509 cert with it yet.


baloo commented Jan 22, 2025

This generates these kinds of x509 certificates:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
        Signature Algorithm: ED25519
        Issuer: C = US, O = Acme Inc, CN = Hi
        Validity
            Not Before: Jan 22 21:22:51 2025 GMT
            Not After : Jan 28 16:16:11 2025 GMT
        Subject: C = US, O = Acme Inc, CN = Hi
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    4e:2b:d6:8d:a9:04:b2:aa:6f:f3:6e:a8:7a:39:cc:
                    b5:18:cc:a8:c2:4f:70:04:a0:c9:46:ef:d2:5f:43:
                    fc:77
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                E3:7F:9B:E3:F5:42:9B:81:6D:9A:FC:F4:21:9B:6D:BD:71:FC:0F:00
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier:
                E3:7F:9B:E3:F5:42:9B:81:6D:9A:FC:F4:21:9B:6D:BD:71:FC:0F:00
    Signature Algorithm: ED25519
    Signature Value:
        68:45:67:e3:74:89:a3:e4:9b:75:28:95:43:ab:53:cc:48:b6:
        52:6c:e8:9a:53:70:b3:86:97:a4:a4:ee:ef:bb:3a:08:ea:0c:
        2a:99:fb:bf:71:fc:65:0a:35:ed:51:e9:77:f2:53:d5:5b:bb:
        61:07:c9:5f:fa:38:22:db:8c:0f

This doesn't pass the zlint because it fails on https://github.com/zmap/zlint/blob/master/v3/lints/cabf_br/lint_subject_public_key_info_improper_algorithm_object_identifier_encoding.go#L62

which follows CABF (https://github.com/cabforum/servercert/blob/main/docs/BR.md#7131-subjectpublickeyinfo).

I think openssl is happy about it:

$ openssl verify -check_ss_sig -CAfile /tmp/eddsa.pem /tmp/eddsa.pem
/tmp/eddsa.pem: OK
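
What the signature encoding in the PR title amounts to on the wire, as an added example (std-only Rust, not code from this PR and not the RustCrypto API): in an X.509 certificate the raw 64-byte Ed25519 signature sits in a DER BIT STRING with a zero unused-bits octet, right after the parameter-less Ed25519 AlgorithmIdentifier from RFC 8410. The function names and the sample signature bytes are assumptions made for the illustration.

```rust
// Added illustration, std only; not the ed25519 crate's SignatureBitStringEncoding impl.
use std::convert::TryFrom;

/// DER AlgorithmIdentifier for Ed25519 (RFC 8410): OID 1.3.101.112, parameters absent.
pub const ED25519_ALG_ID: [u8; 7] = [0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70];
pub const SIG_LEN: usize = 64;

/// Wrap a raw signature as a DER BIT STRING with zero unused bits.
pub fn encode_signature_bit_string(sig: &[u8; SIG_LEN]) -> Vec<u8> {
    let mut out = Vec::with_capacity(3 + SIG_LEN);
    out.push(0x03); // tag: BIT STRING
    out.push((SIG_LEN + 1) as u8); // short-form length: unused-bits octet + signature
    out.push(0x00); // number of unused bits
    out.extend_from_slice(sig);
    out
}

/// Strictly parse `signatureAlgorithm || signatureValue` (the tail of a Certificate)
/// and return the raw signature; anything but the exact Ed25519 shape is rejected.
pub fn decode_signature_fields(der: &[u8]) -> Result<[u8; SIG_LEN], &'static str> {
    let rest = der
        .strip_prefix(&ED25519_ALG_ID[..])
        .ok_or("not the parameter-less Ed25519 AlgorithmIdentifier")?;
    match rest {
        [0x03, len, unused, sig @ ..] => {
            if usize::from(*len) != SIG_LEN + 1 {
                return Err("unexpected BIT STRING length");
            }
            if *unused != 0 {
                return Err("nonzero unused-bits octet");
            }
            <[u8; SIG_LEN]>::try_from(sig).map_err(|_| "truncated or trailing bytes")
        }
        _ => Err("signatureValue is not a BIT STRING"),
    }
}

fn main() {
    let sig = [0xA5u8; SIG_LEN]; // constructed sample bytes, not a real signature
    let mut der = ED25519_ALG_ID.to_vec();
    der.extend(encode_signature_bit_string(&sig));
    println!("{} bytes, BIT STRING header {:02x?}", der.len(), &der[7..10]);
    println!("round trip ok: {}", decode_signature_fields(&der) == Ok(sig));
}
```

The decoder refuses a nonzero unused-bits octet and any length other than 65, so a malformed or padded signature field is rejected before it reaches signature verification.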

Successfully merging this pull request may close these issues.

ed25519: SignatureBitStringEncoding support
