When ECDSA keys are encoded in a SubjectPublicKeyInfo structure, the algorithm field MUST be one of the following, as specified by RFC 5480, Section 2.1.1:
The encoded AlgorithmIdentifier for a P-256 key MUST match the following hex-encoded bytes: 301306072a8648ce3d020106082a8648ce3d030107.
The encoded AlgorithmIdentifier for a P-384 key MUST match the following hex-encoded bytes: 301006072a8648ce3d020106052b81040022.
The above encodings consist of an ecPublicKey OID (1.2.840.10045.2.1) with a named curve parameter of the corresponding curve OID. Certificates MUST NOT use the implicit or specified curve forms.
When a root or intermediate certificate's ECDSA key is used to produce a signature, only the following algorithms may be used, and with the following encoding requirements:
If the signing key is P-256, the signature MUST use ECDSA with SHA-256. The encoded AlgorithmIdentifier MUST match the following hex-encoded bytes: 300a06082a8648ce3d040302.
If the signing key is P-384, the signature MUST use ECDSA with SHA-384. The encoded AlgorithmIdentifier MUST match the following hex-encoded bytes: 300a06082a8648ce3d040303.
The above encodings consist of the corresponding OID with the parameters field omitted, as specified by RFC 5758, Section 3.2. Certificates MUST NOT include a NULL parameter. Note this differs from RSASSA-PKCS1-v1_5, which includes an explicit NULL.
…oding. (#378)
`e_mp_ecdsa_pub_key_encoding_correct`, enforces certificate ECDSA public key
algorithm identifiers are a byte-for-byte match to the required values from
Section 5.1.2 of the Mozilla root store policy or a `lint.Error` level finding
is returned. The `e_mp_ecdsa_signature_encoding_correct` lint applies similar
checks to certificate ECDSA signature algorithm identifiers. Both lints
require that the ECDSA curve in use be one of P-256 or P-384, per Moz.
policy.
To help implement the new lints (and to simplify one existing lint), a new
utility function `util.GetPublicKeyAidEncoded` is added. This function returns
the encoded tag/length ASN.1 bytes of a certificate's `SubjectPublicKeyInfo`
sequence's algorithm field (or an error if the field can not be extracted).
Resolves #355, #358
See https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md#512-ecdsa
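The byte-for-byte comparison described above, as an added standard-library Go example; it is not zlint's code and not part of the issue or commit. The names `checkEncodings`, `selfSigned`, `spkiAIDs` and `sigAID` are hypothetical, and the certificate it checks is constructed on the fly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/asn1"
	"encoding/hex"
	"fmt"
	"math/big"
)

// Required AlgorithmIdentifier encodings (hex), copied from the policy text above.
var spkiAIDs = map[string]bool{"301306072a8648ce3d020106082a8648ce3d030107": true, "301006072a8648ce3d020106052b81040022": true}
var sigAID = map[string]string{"P-256": "300a06082a8648ce3d040302", "P-384": "300a06082a8648ce3d040303"}

// checkEncodings compares both raw DER fields byte for byte; issuerCurve is the signing key's curve.
func checkEncodings(cert *x509.Certificate, issuerCurve string) (spkiOK, sigOK bool, err error) {
	var spki struct{ Alg asn1.RawValue }
	var outer struct{ TBS, Alg asn1.RawValue } // trailing SEQUENCE elements are ignored by encoding/asn1
	if _, err = asn1.Unmarshal(cert.RawSubjectPublicKeyInfo, &spki); err == nil {
		_, err = asn1.Unmarshal(cert.Raw, &outer)
	}
	spkiOK = spkiAIDs[hex.EncodeToString(spki.Alg.FullBytes)]
	// A curve outside the policy yields "", which a successfully parsed field never equals.
	sigOK = err == nil && hex.EncodeToString(outer.Alg.FullBytes) == sigAID[issuerCurve]
	return spkiOK, sigOK, err
}

func selfSigned(curve elliptic.Curve, alg x509.SignatureAlgorithm) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), SignatureAlgorithm: alg} // constructed test input
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := selfSigned(elliptic.P256(), x509.ECDSAWithSHA384) // wrong hash for a P-256 signer
	if err != nil {
		panic(err)
	}
	fmt.Println(checkEncodings(cert, "P-256")) // prints: true false <nil>
}
```

Comparing the raw DER rather than the parsed algorithm values is what catches an ECDSA signature AlgorithmIdentifier that carries a NULL parameter, since such a field decodes to the same OID but not to the same bytes.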