Projects tigase _server tigase-utils Issues #28
Add support for certificates private key using `ecdsa` (#28)
wojciech.kapcia@tigase.net opened 7 months ago

We should add support for certificates private keys using ecdsa algorithms as new Certbot (Let's Encrypt) defaults to it as per documentation https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys:

Certbot supports two certificate private key algorithms: rsa and ecdsa.

As of version 2.0.0, Certbot defaults to ECDSA secp256r1 (P-256) certificate private keys for all new certificates. Existing certificates will continue to renew using their existing key type, unless a key type change is requested.

The type of key used by Certbot can be controlled through the --key-type option. You can use the --elliptic-curve option to control the curve used in ECDSA certificates and the --rsa-key-size option to control the size of RSA keys.


Reproducible: java -cp jars/tigase-utils.jar tigase.cert.CertificateUtil -lc certs/<domain>.pem -simple

Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA private key
	at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(Unknown Source)
	at java.base/java.security.KeyFactory.generatePrivate(Unknown Source)
	at tigase.cert. CertificateUtil parseCertificate(CertificateUtil.java:605)
	at tigase.cert.CertificateUtil.loadCertificate(CertificateUtil.java:415)
	at tigase.cert.CertificateUtil.loadCertificate(CertificateUtil.java:435)
	at tigase.cert.CertificateUtil.main (CertificateUtil.java: 484)
Caused by: java.security.InvalidKeyException: Invalid RSA private key
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(Unknown Source)
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(Unknown Source)
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl. newKey (Unknown Source)
	at java.base/sun.security.rsa.RSAKeyFactory generatePrivate (Unknown Source)
	... 6 more
Caused by: java.io.I0Exception: Version must be 0
	at java.base/sun.security.rsa.RSAPrivateCrtKeỹImpl.parseASN1 (Unknown Source)
	... 10 more
wojciech.kapcia@tigase.net moved 7 months ago
Previous Value Current Value
tigase/_server/server-core
tigase/_server/tigase-utils
wojciech.kapcia@tigase.net batch edited 7 months ago
Name Previous Value Current Value
Iterations
empty
tigase-server-8.4.0
Referenced from commit 7 months ago
Bartosz Małkowski changed state to 'In Progress' 7 months ago
Previous Value Current Value
Open
In Progress
Bartosz Małkowski changed state to 'In QA' 7 months ago
Previous Value Current Value
In Progress
In QA
Bartosz Małkowski commented 7 months ago

I added support for PKCS#8 encoded EC keys. I added testes for key&cert parsing.

Referenced from commit 7 months ago
wojciech.kapcia@tigase.net changed state to 'Closed' 7 months ago
Previous Value Current Value
In QA
Closed
wojciech.kapcia@tigase.net commented 7 months ago

Thank you

issue 1 of 1
Type
New Feature
Priority
Normal
Assignee
Version
tigase-server-8.4.0
Target Release
1.0
Sprints
n/a
Customer
n/a
Iterations
Issue Votes (0)
Watchers (3)
Reference
tigase/_server/tigase-utils#28
Please wait...
Page is in error, reload to recover