[gnutls-devel] GnuTLS | Importing ED25519 in pubkey (#613)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Nov 11 08:54:20 CET 2018

> The [DKIM base specification](https://tools.ietf.org/html/rfc6376#section-3.6.1) states for the k= flag “The "rsa" key type indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey (see [RFC3447], Sections 3.1 and A.1.1) is being used in the "p=" tag.".  The p= flag is a single, base64 encoded string.” The key-data is imported using [gnutls_pubkey_import](https://www.gnutls.org/manual/html_node/Abstract-key-API.html#gnutls_005fpubkey_005fimport).

> - Write in the documentation that gnutls_pubkey_import deals with ASN.1 data
> [RFC8463 extends](https://tools.ietf.org/html/rfc8463#section-4.2) the base DKIM specification: “The p= value in the key record is the Ed25519 public key encoded in base64.”

 All gnutls import and export functions deal with X.509 (ASN-encoded) data. In particular `gnutls_pubkey_import` is documented to import a `SubjectPublicKeyInfo X.509 structure`, and not the structures described in RFC8463. Note also that gnutls doesn't claim to implement RFC8463.

> What function shall be used to import that data? / How shall the key from DNS be imported into a public key, after the base64 decoding?

RFC8463 seems to be using raw keys, and thus you'd need to use `gnutls_pubkey_import_ecc_raw`. You may want to see how the knot dns guys have implemented that part.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/613#note_116279842
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181111/d14c5354/attachment.html>

More information about the Gnutls-devel mailing list