Hi,
I am using cryptography to implement the KeyInfo part of W3C XML
Signature and am looking to add support for EC keys. The following is
part of an example structure I would like to be able to process:
<ECKeyValuexmlns="http://www.w3.org/2009/xmldsig11#";><NamedCurveURI="urn:oid:1.2.840.10045.3.1.7"/><PublicKey>vWccUP6Jp3pcaMCGIcAh3YOev4gaa2ukOANC7Ufg
Cf8KDO7AtTOsGJK7/TA8IC3vZoCy9I5oPjRhyTBulBnj7Y </PublicKey></ECKeyValue>
I have two questions.
First, according to W3C XML Signature (see
https://www.w3.org/TR/xmldsig-core1/#sec-ECKeyValue) the content of
|PublicKey|in ECKeyValue element is:
/"///a Base64 encoding of a binary representation of the x and y
coordinates of the point. ///Its value is computed as follows:/
1. /Convert the elliptic curve point (x,y) to an octet string by first
converting the field elements x and y to octet strings as specified
in Section 6.2 of //https://www.rfc-editor.org/rfc/rfc6090.txt//,
and then prepend the concatenated result of the conversion with
0x04. Support for Elliptic-Curve-Point-to-Octet-String conversion
without point compression is/////required///./
2. /Base64 encode the octet string resulting from the conversion in
Step 1."/
RFC 6090 section 6.2 states:
6.2. Integer-to-Octet-String Conversion
The integer x shall be converted to an octet string S of length k as
follows. The string S shall satisfy
k
y = SUM 2^(8(k-i)) Si .
i = 1
where S1, ..., Sk are the octets of S from first to last.
In other words, the first octet of S has the most significance in the
integer, and the last octet of S has the least significance.
I am looking to implement this using cryptography. There is an
encode_point() function in
hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers which is
documented to transform "an elliptic curve point to a byte string as
described inSEC 1 v2.0 <http://www.secg.org/sec1-v2.pdf>section
2.3.3.". Is this the same encoding as under the quoted section of XML
Signature, item (1) ?
Second question, the class asymmetric.ec.EllipticCurve has a "name" that
is the symbolic name used for the ASN.1 OID
For example, OID 1.3.132.0.34 has the name "secp384r1".
W3C XML Signature apparently expects the OID encoded as a URN
(https://www.ietf.org/rfc/rfc3061.txt), i.e. something like
"urn:oid:1.3.132.0.34". Is there a way in Python to get the OID value
for a named curve, rather than its symbolic name?
Kind Regards,
Pim
Kind Regards,
Pim
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
