Comments (5)
@veeti It turned out - for me at least - SSL handshake is faster on EC keys.
Is it possible that existing EC private keys are accepted by manuale?
https://github.com/veeti/manuale/blob/master/manuale/crypto.py#L92-L98
from manuale.
Yes it is:

```
Subject Public Key Info:
    Public Key Algorithm: id-ecPublicKey
        Public-Key: (256 bit)
        pub:
            *
        ASN1 OID: prime256v1
        NIST CURVE: P-256
```
from manuale.
Yes, you can already bring your own EC key. This issue is for generating EC keys through the client.
from manuale.
Maybe we can make an account using an EC key this way?
```python
import copy
import json
import requests
# PyJWT
from jwt.algorithms import get_default_algorithms
from jwt.utils import base64url_encode, force_bytes
# cryptography
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec

# generate ec key
pkey = ec.generate_private_key(curve=ec.SECP384R1(), backend=default_backend())

# get nonce & acme directory
r = requests.get('https://acme-staging.api.letsencrypt.org/directory')
nonce = r.headers['Replay-Nonce']
urls = r.json()


def sign_request(header, protected, payload, key, algorithm='ES384'):
    """JWS Sign Request"""
    protected = base64url_encode(force_bytes(json.dumps(protected)))
    payload = base64url_encode(force_bytes(json.dumps(payload)))
    try:
        alg_obj = get_default_algorithms()[algorithm]
        key = alg_obj.prepare_key(key)
        signing_input = b'.'.join((protected, payload))
        signature = alg_obj.sign(signing_input, key)
    except KeyError:
        raise NotImplementedError('Algorithm not supported')
    return {
        'header': header,
        'protected': protected.decode('ascii'),
        'payload': payload.decode('ascii'),
        'signature': base64url_encode(signature).decode('ascii'),
    }


def coord(n):
    """Encode one EC public key coordinate for the JWK."""
    # JWK coordinates are fixed-width octet strings (RFC 7518, section 6.2.1.2);
    # a minimal-length integer encoding would drop leading zero bytes.
    size = (pkey.curve.key_size + 7) // 8
    return base64url_encode(n.to_bytes(size, 'big')).decode('ascii')


header = {
    "alg": "ES384",
    "jwk": {
        "kty": "EC",
        "crv": {
            'secp256r1': 'P-256',
            'secp384r1': 'P-384',
        }[pkey.public_key().curve.name],
        "x": coord(pkey.public_key().public_numbers().x),
        "y": coord(pkey.public_key().public_numbers().y),
    }
}
protected = copy.deepcopy(header)
protected['nonce'] = nonce
payload = {'resource': 'new-reg', 'contact': ['mailto:[email protected]']}

# register the account with the signed new-reg request
r = requests.post(urls['new-reg'], json=sign_request(header, protected, payload, pkey))
print(r.json())
```
from manuale.
Let's Encrypt only supports curves P-256 and P-384, and curve P-256 must be signed with ES256, P-384 must be signed with ES384.
from manuale.
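Added example (not from the thread and not manuale's code): the curve-to-algorithm rule from the last comment, applied when building and checking an account-key JWS so the `alg`, `crv`, hash and signature width always come from the key itself. The names `sign_jws`, `verify_jws` and `params_for` and the flattened JWS layout are assumptions for illustration; it uses the `cryptography` package and makes no network requests.

```python
import base64
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, utils

# cryptography curve name -> (JWK "crv", JWS "alg", hash, coordinate bytes)
CURVES = {
    "secp256r1": ("P-256", "ES256", hashes.SHA256, 32),
    "secp384r1": ("P-384", "ES384", hashes.SHA384, 48),
}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def params_for(key):
    """JWS parameters for an EC key; any other curve is rejected."""
    if key.curve.name not in CURVES:
        raise ValueError("unsupported curve: " + key.curve.name)
    return CURVES[key.curve.name]

def sign_jws(key, nonce, payload):
    """Build a flattened JWS whose alg and jwk are derived from the key."""
    crv, alg, hash_cls, size = params_for(key)
    pub = key.public_key().public_numbers()
    # Fixed-width big-endian coordinates: leading zero bytes are kept.
    x, y = (b64url(n.to_bytes(size, "big")) for n in (pub.x, pub.y))
    jwk = {"kty": "EC", "crv": crv, "x": x, "y": y}
    head = b64url(json.dumps({"alg": alg, "jwk": jwk, "nonce": nonce}).encode())
    body = b64url(json.dumps(payload).encode())
    der = key.sign((head + "." + body).encode("ascii"), ec.ECDSA(hash_cls()))
    r, s = utils.decode_dss_signature(der)  # JWS carries raw r||s, not DER
    raw = r.to_bytes(size, "big") + s.to_bytes(size, "big")
    return {"protected": head, "payload": body, "signature": b64url(raw)}

def verify_jws(public_key, jws):
    """Check a JWS from sign_jws against an EC public key."""
    _, _, hash_cls, size = params_for(public_key)
    raw = base64.urlsafe_b64decode(jws["signature"] + "=" * (-len(jws["signature"]) % 4))
    if len(raw) != 2 * size:  # signature width must match the key's curve
        return False
    der = utils.encode_dss_signature(int.from_bytes(raw[:size], "big"),
                                     int.from_bytes(raw[size:], "big"))
    data = (jws["protected"] + "." + jws["payload"]).encode("ascii")
    try:
        public_key.verify(der, data, ec.ECDSA(hash_cls()))
    except InvalidSignature:
        return False
    return True
```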