[xmlsec] ECDSA test key/files

Aleksey Sanin aleksey at aleksey.com
Wed Feb 15 09:38:06 PST 2017


Here is the change that added tests and also added the note to the
readme file with the commands used to generate the keys:

https://github.com/lsh123/xmlsec/commit/8a234bb11183bd2f978365d089c2874c3351300e#diff-63b09e79322947706d90f6ac2ff46597

Aleksey

On 2/15/17 3:22 AM, Miklos Vajna wrote:
> Hi,
> 
> I tried to look at supporting ECDSA in the nss backend. Here is a work
> in progress code:
> 
> https://github.com/vmiklos/xmlsec/tree/nss-ecdsa-wip
> 
> (I'll send a pull request when it actually works.)
> 
> It currently fails as it seems the enveloping-sha512-ecdsa-sha512.xml
> test file is using an EC key where the parameter is secp256k1, which is
> not supported by NSS.
> 
> Here is a list of parameters supported by NSS:
> 
> http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12766.html
> 
> So based on that, perhaps I would start with secp256r1. Which leads to
> the question I would like this ask:
> 
> How are the ecdsa-secp256k1 test keys are generated? I found no commands
> regarding them in tests/keys/README.
> 
> If the documentation could be updated, then perhaps a way forward would
> be adding ecdsa-secp256r1 testcases for openssl, and then I could
> validate my NSS code by making sure the same tests pass for the NSS
> backend as well.
> 
> Thanks,
> 
> Miklos
> 
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: OpenPGP digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20170215/f1b98133/attachment.sig>


More information about the xmlsec mailing list