[xmlsec] ECDSA test key/files

Miklos Vajna vmiklos at vmiklos.hu
Wed Feb 15 03:22:08 PST 2017


I tried to look at supporting ECDSA in the nss backend. Here is a work
in progress code:


(I'll send a pull request when it actually works.)

It currently fails as it seems the enveloping-sha512-ecdsa-sha512.xml
test file is using an EC key where the parameter is secp256k1, which is
not supported by NSS.

Here is a list of parameters supported by NSS:


So based on that, perhaps I would start with secp256r1. Which leads to
the question I would like this ask:

How are the ecdsa-secp256k1 test keys are generated? I found no commands
regarding them in tests/keys/README.

If the documentation could be updated, then perhaps a way forward would
be adding ecdsa-secp256r1 testcases for openssl, and then I could
validate my NSS code by making sure the same tests pass for the NSS
backend as well.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20170215/c2132556/attachment.sig>

More information about the xmlsec mailing list