[gnutls-devel] GnuTLS | Add support for loading Ed25519 keys from PKCS#11 and using them (!1200)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Feb 28 16:26:44 CET 2020
Jakub Jelen created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1200
Project:Branches: jjelen/gnutls:eddsa-pkcs11 to gnutls/gnutls:master
Author: Jakub Jelen
Fixes #946
I will have to look into testing this later if needed. So far I have tested manually in OpenSC that I am able to load an EdDSA key into gnutls and use it to create a self-signed certificate:
```
Key pair generated:
Private Key Object; EC_EDWARDS
label: EDDSA
ID: 05
Usage: decrypt, sign, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
Public Key Object; EC_EDWARDS EC_POINT 255 bits
EC_POINT: 0420aa0e50140a7f0c88f0cbcfb97a82f50814c22968f9547da18756a513b95ffbc6
EC_PARAMS: 130c656477617264733235353139
label: EDDSA
ID: 05
Usage: encrypt, verify, wrap, derive
Access: local
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 52200fa099f0b6dc47e0ac7edebedb27f3e9f871
Validity:
Not Before: Fri Feb 28 15:16:17 UTC 2020
Not After: Sat Feb 27 15:16:17 UTC 2021
Subject: O=OpenSC
Subject Public Key Algorithm: EdDSA (Ed25519)
Algorithm Security Level: High (256 bits)
Curve: Ed25519
X:
aa:0e:50:14:0a:7f:0c:88:f0:cb:cf:b9:7a:82:f5:08
14:c2:29:68:f9:54:7d:a1:87:56:a5:13:b9:5f:fb:c6
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: none@example.org
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
09322de3f242ea5066c96ae46c1b27104ac453be
Other Information:
Public Key ID:
sha1:09322de3f242ea5066c96ae46c1b27104ac453be
sha256:60bfb7e740ca4cd3ca05fae5a6bdc2a6be51d635e998e9a8bf9f31ea70356f1a
Public Key PIN:
pin-sha256:YL+350DKTNPKBfrlpr3Cpr5R1jXpmOmov58x6nA1bxo=
Signing certificate...
Using slot 0 with a present token (0x1b840330)
Created certificate:
Certificate Object; type = X.509 cert
label: EDDSA
subject: DN: O=OpenSC
ID: 05
```
## Checklist
* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [X] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)
## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
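The `EC_PARAMS` and `EC_POINT` values in the log above are DER-encoded PKCS#11 attributes. The following added example (not part of the original message or the merge request's code) decodes them and cross-checks the result against the certificate fields printed in the same log. The function names are hypothetical; the constants are copied from the log.

```python
import base64

# Values copied from the log in the message above.
EC_POINT = "0420aa0e50140a7f0c88f0cbcfb97a82f50814c22968f9547da18756a513b95ffbc6"
EC_PARAMS = "130c656477617264733235353139"
CERT_X = ("aa:0e:50:14:0a:7f:0c:88:f0:cb:cf:b9:7a:82:f5:08:"
          "14:c2:29:68:f9:54:7d:a1:87:56:a5:13:b9:5f:fb:c6")
KEY_ID_SHA256 = "60bfb7e740ca4cd3ca05fae5a6bdc2a6be51d635e998e9a8bf9f31ea70356f1a"
PIN_SHA256 = "YL+350DKTNPKBfrlpr3Cpr5R1jXpmOmov58x6nA1bxo="

def read_tlv(data, expected_tag):
    """Parse one DER TLV that must span all of `data`; return its value."""
    if len(data) < 2 or data[0] != expected_tag:
        raise ValueError("unexpected tag")
    length, offset = data[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad length")
        length, offset = int.from_bytes(data[2:2 + n], "big"), 2 + n
    if offset + length != len(data):
        raise ValueError("length does not match data")
    return data[offset:]

def decode_token_key(ec_params_hex, ec_point_hex):
    """Return (curve name, raw public key) from the two attribute dumps."""
    curve = read_tlv(bytes.fromhex(ec_params_hex), 0x13).decode("ascii")  # PrintableString
    point = read_tlv(bytes.fromhex(ec_point_hex), 0x04)  # OCTET STRING
    if curve == "edwards25519" and len(point) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    return curve, point

def cross_check():
    """Compare the token's public key and the key ID/PIN lines in the log."""
    curve, point = decode_token_key(EC_PARAMS, EC_POINT)
    return {
        "curve": curve,
        "key_matches_cert": point == bytes.fromhex(CERT_X.replace(":", "")),
        "pin_matches_key_id": base64.b64decode(PIN_SHA256).hex() == KEY_ID_SHA256,
    }

if __name__ == "__main__":
    print(cross_check())
```

`EC_PARAMS` here carries the curve as a PrintableString name rather than an OID, and `EC_POINT` wraps the raw 32-byte key in an OCTET STRING, so a consumer has to strip that wrapper before using the key.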