Add support for certificates private key using `ecdsa` (#28)

Wojciech Kapcia (Tigase) opened 12 months ago

We should add support for certificates private keys using ecdsa algorithms as new Certbot (Let's Encrypt) defaults to it as per documentation https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys:

Certbot supports two certificate private key algorithms: rsa and ecdsa.

As of version 2.0.0, Certbot defaults to ECDSA secp256r1 (P-256) certificate private keys for all new certificates. Existing certificates will continue to renew using their existing key type, unless a key type change is requested.

The type of key used by Certbot can be controlled through the --key-type option. You can use the --elliptic-curve option to control the curve used in ECDSA certificates and the --rsa-key-size option to control the size of RSA keys.

Reproducible: java -cp jars/tigase-utils.jar tigase.cert.CertificateUtil -lc certs/<domain>.pem -simple

Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA private key
	at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(Unknown Source)
	at java.base/java.security.KeyFactory.generatePrivate(Unknown Source)
	at tigase.cert. CertificateUtil parseCertificate(CertificateUtil.java:605)
	at tigase.cert.CertificateUtil.loadCertificate(CertificateUtil.java:415)
	at tigase.cert.CertificateUtil.loadCertificate(CertificateUtil.java:435)
	at tigase.cert.CertificateUtil.main (CertificateUtil.java: 484)
Caused by: java.security.InvalidKeyException: Invalid RSA private key
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(Unknown Source)
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(Unknown Source)
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl. newKey (Unknown Source)
	at java.base/sun.security.rsa.RSAKeyFactory generatePrivate (Unknown Source)
	... 6 more
Caused by: java.io.I0Exception: Version must be 0
	at java.base/sun.security.rsa.RSAPrivateCrtKeỹImpl.parseASN1 (Unknown Source)
	... 10 more

Wojciech Kapcia (Tigase) moved 12 months ago

Previous Value	Current Value
tigase/_server/server-core	tigase/_server/tigase-utils

Wojciech Kapcia (Tigase) batch edited 12 months ago

Name	Previous Value	Current Value
Iterations	empty	tigase-server-8.4.0

Referenced from commit 12 months ago

Add support for certificates private key using `ecdsa` (#28 )

committed 12 months ago

fccd60ad

Bartosz Małkowski changed state to 'In Progress' 12 months ago

Previous Value	Current Value
Open	In Progress

Bartosz Małkowski changed state to 'In QA' 12 months ago

Previous Value	Current Value
In Progress	In QA

Bartosz Małkowski commented 12 months ago

I added support for PKCS#8 encoded EC keys. I added testes for key&cert parsing.

Referenced from commit 12 months ago

Reformat; #tigase/_server/tigase-utils#28 #28

committed 12 months ago

2ca9e65c

Wojciech Kapcia (Tigase) changed state to 'Closed' 12 months ago

Previous Value	Current Value
In QA	Closed

Wojciech Kapcia (Tigase) commented 12 months ago

Thank you

Type	New Feature
Priority	Normal
Assignee	Bartosz Małkowski
Version	tigase-server-8.4.0
Target Release	1.0
Sprints	n/a
Customer	n/a

Iterations

tigase-server-8.4.0 Closed

Issue Votes (0)

Watchers (3)

Reference

tigase/_server/tigase-utils#28