Is the intention that there will be a mapping of public key to signature
algorithm and it will be a one-to-one mapping?   Just double checking how to
decide what algorithm to use for signing and verifying.  The current text
would only address a single set of public keys.

Jim


-----Original Message-----
From: Michael Richardson <[email protected]> 
Sent: Sunday, May 26, 2019 7:38 PM
To: Thomas Werner <[email protected]>; consultancy
<[email protected]>; [email protected]
Cc: Jim Schaad <[email protected]>
Subject: constrained voucher examples updated --- voucher looks wrong


I have updated the appendix to draft-ietf-anima-constrained-voucher, which
contains the COSE signed CBOR vouchers.  I have included base64 of the
binary, as well as CBOR diagnostic format.
Please see:
 
https://github.com/anima-wg/constrained-voucher/blob/master/constrained-voucher.txt#L2218

I am including the private (EC) keys in PKCS1 form ("BEGIN EC PRIVATE KEY"),
perhaps I should use PKCS8/RFC5208 format ("BEGIN PRIVATE KEY") instead?

Thomas, and Jim, would you take a crack at validating the voucher-request
and parboiled (Registrar signed) voucher requests from these files?  The raw
binary files are at:
  https://github.com/anima-wg/constrained-voucher/tree/master/examples
along with the public keys.   It's just COSE signatures.

In doing this, I've discovered a bug in my code, and I believe it needs to
be fixed.  Specifically, it appears at line:
 
https://github.com/anima-wg/constrained-voucher/blob/master/constrained-voucher.txt#L2478

You'll notice:

   "00-D0-E5-F2-00-02", 11: "rIe_64PzENXdd32FApWcMQ", 12: "MII
   B5TCCAWugAwIBAgIBATAKBggqhkjOPQQDAjBzMRIwEAYKCZImiZPyLGQBGRY

that is, I've pinned the *base64* encoding of the registrar's DER encoded
certificate, rather than the DER encoding itself.  This is clearly wrong,
but I do it consistently and tolerantly so I don't notice.  I will be fixing
this.  However, the signature on the resulting object should be correct,
even if the contents are semantically wrong.

--
Michael Richardson <[email protected]>, Sandelman Software Works  -=
IPv6 IoT consulting =-




_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
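
The encoding mix-up described in the message above (base64 text pinned where the DER bytes belong) can be caught before a voucher is signed or accepted. The following is an added example, not code from the thread or from the draft's tooling; the function names are hypothetical, the sample bytes are constructed, and standard padded base64 is assumed.

```python
import base64
import binascii

def der_outer_tlv_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) whose encoded
    length covers the rest of the buffer. Only the outer TLV is checked."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:
        n = first & 0x7F                  # long form: n length octets follow
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        length = int.from_bytes(data[2:2 + n], "big")
        if length < 0x80 or data[2] == 0:  # DER demands the minimal encoding
            return False
        header = 2 + n
    return len(data) == header + length

def _b64_layer(value) -> bytes:
    """Strip one layer of base64 from a str or bytes value (raises on failure)."""
    text = value.decode("ascii") if isinstance(value, (bytes, bytearray)) else value
    return base64.b64decode("".join(text.split()), validate=True)

def classify_pinned_cert(value) -> str:
    """Return 'der', 'base64-of-der' or 'invalid' for a pinned certificate field."""
    if isinstance(value, (bytes, bytearray)) and der_outer_tlv_ok(bytes(value)):
        return "der"
    try:
        decoded = _b64_layer(value)
    except (binascii.Error, UnicodeDecodeError, AttributeError, ValueError):
        return "invalid"
    return "base64-of-der" if der_outer_tlv_ok(decoded) else "invalid"

def normalize_pinned_cert(value) -> bytes:
    """Return DER bytes, undoing one base64 layer if that is what was pinned."""
    kind = classify_pinned_cert(value)
    if kind == "invalid":
        raise ValueError("pinned certificate is neither DER nor base64 of DER")
    return bytes(value) if kind == "der" else _b64_layer(value)

# Constructed stand-in: a DER SEQUENCE wrapping 300 filler bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
```

A DER SEQUENCE with a two-octet length below 512 always base64-encodes to a string starting "MIIB", so that prefix in a CBOR text string is a quick visual cue for this mistake.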
