[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 Miklos Vajnachanged: What|Removed |Added Status|NEW |ASSIGNED Assignee|libreoffice-b...@lists.free |vmik...@collabora.co.uk |desktop.org | OS|Windows (All) |Linux (All) --- Comment #9 from Miklos Vajna --- Thanks for the update, xmlsec now accepts this on Linux/macOS. Let me use this bug for the xmlsec/nss scenario and once it works, we could have a follow-up bug for the Windows part. Though that won't be too easy, since CryptoAPI doesn't seem to support ECDSA. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 --- Comment #8 from Aron Szabo--- Created attachment 131679 --> https://bugs.documentfoundation.org/attachment.cgi?id=131679=edit LibreOffice document with ECDSA signature (fixed, 2017-03-06) -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 --- Comment #7 from Miklos Vajna--- It seems this signature still has a small problem, https://tools.ietf.org/html/rfc4050#section-3.3 says ECDSA signature value should be just the (r,s) pair as-is (with base64 encoding), while the sample applies the ASN1 encoding suggested by https://tools.ietf.org/html/rfc3279#section-2.2.3 -- which is an earlier RFC + applies in general, not in particular to xmldsig. The result is that xmlsec refuses to verify the signature currently. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 --- Comment #6 from Aron Szabo--- I have uploaded a fixed version of the LibreOffice document with ECDSA signature. The reason: the unknown name elements of Subject/Issuer fields of the certificates are escaped to 'UNDEF' string instead of their OID value as string by OpenSSL library of PHP. This OID-to-string conversion was fixed in the case of unknown organizationIdentifier (2.5.4.97) name element. C=HU,L=Budapest,O=NISZ Nemzeti Infokommunikációs Szolgáltató Zrt.,CN=Állampolgári Tanúsítványkiadó - Qualified Citizen CA,2.5.4.97=VATHU-10585560 -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 --- Comment #5 from Aron Szabo--- Created attachment 131436 --> https://bugs.documentfoundation.org/attachment.cgi?id=131436=edit LibreOffice document with ECDSA signature (fixed, 2017-02-24) -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 Aron Budeachanged: What|Removed |Added CC||ba...@caesar.elte.hu Blocks||105605 Referenced Bugs: https://bugs.documentfoundation.org/show_bug.cgi?id=105605 [Bug 105605] [META] Digital signatures bugs and enhancements -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 Miklos Vajnachanged: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0 |1 --- Comment #4 from Miklos Vajna --- dbgutil build prints this error: warn:xmlsecurity.xmlsec:31557:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: transforms.c:1571: xmlSecTransformNodeRead() '' 'xmlSecTransformIdListFindByHref' 1 'href=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256' warn:xmlsecurity.xmlsec:31557:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: transforms.c:704: xmlSecTransformCtxNodeRead() '' 'xmlSecTransformNodeRead' 1 'name=SignatureMethod' warn:xmlsecurity.xmlsec:31557:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:775: xmlSecDSigCtxProcessSignedInfoNode() '' 'xmlSecTransformCtxNodeRead' 1 'node=SignatureMethod' warn:xmlsecurity.xmlsec:31557:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:568: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessSignedInfoNode' 1 ' ' warn:xmlsecurity.xmlsec:31557:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:386: xmlSecDSigCtxVerify() '' 'xmlSecDSigCtxSignatureProcessNode' 1 ' ' Look like the first problem is that xmlsec doesn't recognize the http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 string as a valid value for when it uses a non-openssl backend (which is a problem for us, as we use the mscrypto/nss backends). Marking as confirmed. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 --- Comment #2 from Aron Szabo--- Created attachment 131182 --> https://bugs.documentfoundation.org/attachment.cgi?id=131182=edit binary SignatureValue -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 --- Comment #3 from Aron Szabo--- Created attachment 131183 --> https://bugs.documentfoundation.org/attachment.cgi?id=131183=edit base64-encoded public key from X.509 certificate -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 105983] Supporting ECDSA (NIST P-256 curve) signatures created by Hungarian citizen eID card
https://bugs.documentfoundation.org/show_bug.cgi?id=105983 --- Comment #1 from Aron Szabo--- Created attachment 131181 --> https://bugs.documentfoundation.org/attachment.cgi?id=131181=edit canonicalized SignedInfo -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs