[gnutls-devel] GnuTLS | Importing ED25519 in pubkey (#613)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Nov 10 23:45:59 CET 2018

New Issue was created.

Issue 613: https://gitlab.com/gnutls/gnutls/issues/613
Author:    Dilyan Palauzov

The [DKIM base specification](https://tools.ietf.org/html/rfc6376#section-3.6.1) states for the k= flag “The "rsa" key type indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey (see [RFC3447], Sections 3.1 and A.1.1) is being used in the "p=" tag.”  The p= flag is a single, base64-encoded string.  The key-data is imported using [gnutls_pubkey_import](https://www.gnutls.org/manual/html_node/Abstract-key-API.html#gnutls_005fpubkey_005fimport).

* Write in the documentation that gnutls_pubkey_import deals with ASN.1 data

[RFC8463 extends](https://tools.ietf.org/html/rfc8463#section-4.2) the base DKIM specification: “The p= value in the key record is the Ed25519 public key encoded in base64.”

Passing the ed25519 key over gnutls_pubkey_import returns -73 (GNUTLS_E_ASN1_TAG_ERROR) in _asn1_strict_der_decode(), with the key from DNS TXT 201803e._domainkey.kitterman.com.

As RFC 8463 doesn’t say anything about ASN.1 I guess ed25519 is not ASN.1 DER encoded, contrary to RSAPublicKey.

What function shall be used to import that data? / How shall the key from DNS be imported into a public key, after the base64 decoding?

For gnutls_pubkey_import_ecc_raw() the documentation states “In EdDSA curves the y parameter will be NULL and the other parameters will be in the native format for the curve.”  What are the other parameters?  There is only one other parameter - “x”.

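
An added example, not part of the original issue and not GnuTLS code: assuming the p= value of a k=ed25519 record decodes to the bare 32-byte public key, as the RFC 8463 sentence quoted in the issue describes, this C code prepends the RFC 8410 SubjectPublicKeyInfo header so that a DER parser finds a SEQUENCE tag. The name dkim_ed25519_to_spki and the sample key are constructed for illustration, and GnuTLS is not called so the block builds without it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 8410 SubjectPublicKeyInfo header for Ed25519: SEQUENCE (42 bytes) {
 * SEQUENCE { OID 1.3.101.112 }, BIT STRING (33 bytes, 0 unused bits) }. */
static const uint8_t SPKI_PREFIX[12] = { 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03,
                                         0x2b, 0x65, 0x70, 0x03, 0x21, 0x00 };
#define RAW_LEN 32                               /* bare Ed25519 public key */
#define SPKI_LEN (sizeof SPKI_PREFIX + RAW_LEN)  /* 44 bytes of DER */

/* Decode base64 up to '=' or end of string, skipping folding whitespace.
 * Returns the byte count, or -1 on a bad character or more than cap bytes. */
static int b64_decode(const char *in, uint8_t *out, int cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0;
    int bits = 0, n = 0;
    for (; *in != '\0' && *in != '='; in++) {
        if (strchr(" \t\r\n", *in)) continue;
        const char *p = strchr(tbl, *in);
        if (p == NULL) return -1;
        acc = (acc << 6) | (uint32_t)(p - tbl);
        if ((bits += 6) < 8) continue;
        if (n == cap) return -1;
        bits -= 8;
        out[n++] = (uint8_t)(acc >> bits);
    }
    return n;
}

/* Hypothetical helper: wrap the p= value of a k=ed25519 record as DER SPKI.
 * Returns 0, or -1 (out undefined) unless p= decodes to exactly 32 bytes. */
int dkim_ed25519_to_spki(const char *p_b64, uint8_t out[44])
{
    if (b64_decode(p_b64, out + sizeof SPKI_PREFIX, RAW_LEN) != RAW_LEN) return -1;
    memcpy(out, SPKI_PREFIX, sizeof SPKI_PREFIX);
    return 0;
}

int main(void)
{
    /* Constructed sample: base64 of bytes 0x00..0x1f, not a real DKIM key. */
    uint8_t der[SPKI_LEN];
    if (dkim_ed25519_to_spki("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=", der))
        return 1;
    for (size_t i = 0; i < SPKI_LEN; i++) printf("%02x", der[i]);
    return puts("") == EOF;
}
```

The 44-byte output is a SubjectPublicKeyInfo, the structure gnutls_pubkey_import() is documented to take with GNUTLS_X509_FMT_DER. The other route is to pass the 32 raw bytes as x, with y NULL, to gnutls_pubkey_import_ecc_raw() with GNUTLS_ECC_CURVE_ED25519.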