Add support for certificates private key using `ecdsa` (#28)
Wojciech Kapcia (Tigase) opened 1 year ago

We should add support for certificate private keys using ECDSA algorithms, as new Certbot (Let's Encrypt) defaults to it as per the documentation https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys:

Certbot supports two certificate private key algorithms: rsa and ecdsa.

As of version 2.0.0, Certbot defaults to ECDSA secp256r1 (P-256) certificate private keys for all new certificates. Existing certificates will continue to renew using their existing key type, unless a key type change is requested.

The type of key used by Certbot can be controlled through the --key-type option. You can use the --elliptic-curve option to control the curve used in ECDSA certificates and the --rsa-key-size option to control the size of RSA keys.


Reproducible: java -cp jars/tigase-utils.jar tigase.cert.CertificateUtil -lc certs/<domain>.pem -simple

Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA private key
	at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(Unknown Source)
	at java.base/java.security.KeyFactory.generatePrivate(Unknown Source)
	at tigase.cert.CertificateUtil.parseCertificate(CertificateUtil.java:605)
	at tigase.cert.CertificateUtil.loadCertificate(CertificateUtil.java:415)
	at tigase.cert.CertificateUtil.loadCertificate(CertificateUtil.java:435)
	at tigase.cert.CertificateUtil.main(CertificateUtil.java:484)
Caused by: java.security.InvalidKeyException: Invalid RSA private key
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(Unknown Source)
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(Unknown Source)
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(Unknown Source)
	at java.base/sun.security.rsa.RSAKeyFactory.generatePrivate(Unknown Source)
	... 6 more
Caused by: java.io.IOException: Version must be 0
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.parseASN1(Unknown Source)
	... 10 more
  • Wojciech Kapcia (Tigase) moved 1 year ago
    Previous Value: tigase/_server/server-core
    Current Value: tigase/_server/tigase-utils
  • Wojciech Kapcia (Tigase) batch edited 1 year ago
    Name: Iterations
    Previous Value: empty
    Current Value: tigase-server-8.4.0
  • Bartosz Małkowski changed state to 'In Progress' 1 year ago
    Previous Value: Open
    Current Value: In Progress
  • Bartosz Małkowski changed state to 'In QA' 1 year ago
    Previous Value: In Progress
    Current Value: In QA
  • Bartosz Małkowski commented 1 year ago

    I added support for PKCS#8 encoded EC keys. I added tests for key & cert parsing.

  • Wojciech Kapcia (Tigase) changed state to 'Closed' 1 year ago
    Previous Value: In QA
    Current Value: Closed
  • Wojciech Kapcia (Tigase) commented 1 year ago

    Thank you
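
An added example, not the code committed to tigase-utils: one way to load an unencrypted PKCS#8 key without assuming RSA is to read the algorithm OID from the PrivateKeyInfo header and pick the matching KeyFactory, so ECDSA keys like the one in this report load alongside RSA ones. The class and method names (Pkcs8KeyLoader, enter, algorithmOf, loadPrivateKey) are hypothetical, and the sample keys are constructed in memory.

```java
import java.security.*;
import java.security.spec.*;
import java.util.*;
import java.util.regex.*;

public class Pkcs8KeyLoader {
    // DER content bytes of rsaEncryption (1.2.840.113549.1.1.1) and id-ecPublicKey (1.2.840.10045.2.1).
    static final byte[] OID_RSA = {0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 1, 1, 1};
    static final byte[] OID_EC = {0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 2, 1};

    // Checks the tag of the DER element at pos and returns the offset of its content.
    static int enter(byte[] der, int pos, int tag) throws InvalidKeySpecException {
        if (der[pos] != tag) throw new InvalidKeySpecException("unexpected DER tag at offset " + pos);
        int len = der[pos + 1] & 0xFF;
        return pos + 2 + (len < 0x80 ? 0 : len & 0x7F); // skip long-form length bytes
    }

    // PrivateKeyInfo ::= SEQUENCE { version INTEGER, SEQUENCE { algorithm OID, ... }, ... }
    static String algorithmOf(byte[] der) throws InvalidKeySpecException {
        try {
            int p = enter(der, 0, 0x30);                    // outer SEQUENCE
            p = enter(der, p, 0x02) + (der[p + 1] & 0xFF);  // step over the version INTEGER
            p = enter(der, p, 0x30);                        // AlgorithmIdentifier SEQUENCE
            int start = enter(der, p, 0x06);                // algorithm OID
            byte[] oid = Arrays.copyOfRange(der, start, start + (der[p + 1] & 0xFF));
            if (Arrays.equals(oid, OID_RSA)) return "RSA";
            if (Arrays.equals(oid, OID_EC)) return "EC";
            throw new InvalidKeySpecException("unsupported key algorithm OID");
        } catch (ArrayIndexOutOfBoundsException e) {
            throw new InvalidKeySpecException("truncated PKCS#8 structure");
        }
    }

    // Accepts a PEM file that may also hold certificates; only "BEGIN PRIVATE KEY" (PKCS#8) is handled.
    static PrivateKey loadPrivateKey(String pem) throws GeneralSecurityException {
        Matcher m = Pattern.compile("-----BEGIN PRIVATE KEY-----(.*?)-----END PRIVATE KEY-----", Pattern.DOTALL)
                .matcher(pem);
        if (!m.find()) throw new InvalidKeySpecException("no unencrypted PKCS#8 block found");
        byte[] der = Base64.getMimeDecoder().decode(m.group(1));
        return KeyFactory.getInstance(algorithmOf(der)).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        for (String alg : new String[] {"EC", "RSA"}) { // constructed sample keys, generated in memory
            byte[] pkcs8 = KeyPairGenerator.getInstance(alg).generateKeyPair().getPrivate().getEncoded();
            String pem = "-----BEGIN PRIVATE KEY-----\n" + Base64.getMimeEncoder().encodeToString(pkcs8)
                    + "\n-----END PRIVATE KEY-----\n";
            System.out.println(alg + " input -> loaded " + loadPrivateKey(pem).getAlgorithm() + " key");
        }
    }
}
```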

Type: New Feature
Priority: Normal
Assignee
Version: tigase-server-8.4.0
Target Release: 1.0
Sprints: n/a
Customer: n/a
Iterations
Issue Votes (0)
Watchers (3)
Reference: tigase/_server/tigase-utils#28