Page MenuHome GnuPG
Create Task
Maniphest T4013

Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix
Closed, ResolvedPublic
Actions

Description

I have used gpgsm --gen-key to generate a certificate request based on a Ed25519 key stored on a Gnuk token.

The certificate request can't be processed by OpenSSL (tested with 1.0.2o and 1.1.1-pre7):

Check that the request matches the signature
error unpacking public key
140413640283904:error:100D7010:elliptic curve routines:eckey_pub_decode:EC lib:crypto/ec/ec_ameth.c:150:
140413640283904:error:0B09407D:x509 certificate routines:x509_pubkey_decode:public key decode error:crypto/x509/x_pubkey.c:124:

My understanding is that OpenSSL expects the Ed25519 public key in the CSR to be represented in the format specified in the draft-ietf-curdle-pkix draft, which is different from the format used for other ECC keys. Other ECC keys are represented as a ecPublicKey algorithm identifier (OID 1.2.840.10045.2.1) followed by the curve identifier, whereas (as per the aforementioned draft) Ed25519 keys should be represented solely by the new OID 1.3.101.112.

To illustrate, here is the relevant portion of the CSR generated by GpgSM (as analyzed by OpenSSL's asn1parse):

122:d=2  hl=2 l=  58 cons:   SEQUENCE
124:d=3  hl=2 l=  20 cons:    SEQUENCE
126:d=4  hl=2 l=   7 prim:     OBJECT            :id-ecPublicKey
135:d=4  hl=2 l=   9 prim:     OBJECT            :1.3.6.1.4.1.11591.15.1
146:d=3  hl=2 l=  34 prim:    BIT STRING

and the corresponding portion from a CSR generated with OpenSSL 1.1.1-pre7:

107:d=2  hl=2 l=  42 cons:   SEQUENCE         
109:d=3  hl=2 l=   5 cons:    SEQUENCE          
111:d=4  hl=2 l=   3 prim:     OBJECT            :1.3.101.112
116:d=3  hl=2 l=  33 prim:    BIT STRING

I believe one place to fix this would be in libksba's _ksba_keyinfo_from_sexp function (src/keyinfo.c), where Ed25519 keys should be treated differently than other ECC keys.

Details

Version
master

Revisions and Commits

rG GnuPG
rG3cbdf896e691 sm: Support generation of card-based ed25519 CSR.

Related Objects

Event Timeline

gouttegd created this task.Jun 8 2018, 12:45 PM
werner triaged this task as Normal priority.Jun 8 2018, 10:15 PM
werner edited projects, added Feature Request, S/MIME; removed Bug Report.
werner added a subscriber: werner.

I was not aware that you could do this at all. You are right in that to start supporting this we first need to update libksba.

werner claimed this task.Dec 13 2018, 9:38 AM
werner mentioned this in T4098: GpgSM: Add ECC support.Feb 6 2019, 9:56 AM
gouttegd mentioned this in T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed.Feb 13 2019, 1:37 AM
gniibe added a commit: rG3cbdf896e691: sm: Support generation of card-based ed25519 CSR..Feb 18 2019, 3:37 AM
gniibe changed the task status from Open to Testing.Mar 24 2020, 3:35 AM
gniibe added a project: Restricted Project.
gniibe added a subscriber: gniibe.

This should work well with libksba master and gnupg/sm master.

werner removed a project: Restricted Project.Sep 22 2022, 10:59 AM
werner closed this task as Resolved.Dec 6 2022, 2:25 PM

I guess we can close this one.