Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt

Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 08 May 2017 08:39 UTC

Date: Mon, 08 May 2017 11:38:57 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: curdle@ietf.org
Message-ID: <20170508083857.GA6317@LK-Perkele-V2.elisa-laajakaista.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/u1nqSxrB6Z45stKtLkrHp3F3EHY>

On Sun, May 07, 2017 at 01:46:03PM -1000, Brian Smith wrote:
> Let me try again, this time using the same encoding that is used in
> the RFC (Base64):
> 
> Here are 5 examples of v2 PKCS#8 Ed25519 private keys, with the public
> key included, that I'd like to have included in the RFC as test
> vectors. The first four examples are valid (I hope!) and 5th example
> is invalid.

<snip some test vectors>


In case you want these, I did the corresponding vectors for Ed448
(using the reference implementation). I also included example PKCS#8v1
and public key (hopefully these are correct, I do have a TLS library
capable of handling Ed448 keys, but it can't load this format, and
writing key module code for it would be a bit nontrivial):


Ed448 private key (from the first test vector in RFC8032):
-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOWyCpWLLgI0Q1jK+ichRPr9skp803fqMn2PJlg7240ijUoyKP8wvBE45
o/xblEkvjwMudUmiAJj5Ww==
-----END PRIVATE KEY-----

Dumped as asn1:
    0 30   71: SEQUENCE {
    2 02    1:   INTEGER 0
    5 30    5:   SEQUENCE {
    7 06    3:     OBJECT IDENTIFIER
             :       EdDSA 448 signature algorithm { 1 3 101 113 }
             :     }
   12 04   59:   OCTET STRING
             :     04 39 6C 82 A5 62 CB 80 8D 10 D6 32 BE 89 C8 51
             :     3E BF 6C 92 9F 34 DD FA 8C 9F 63 C9 96 0E F6 E3
             :     48 A3 52 8C 8A 3F CC 2F 04 4E 39 A3 FC 5B 94 49
             :     2F 8F 03 2E 75 49 A2 00 98 F9 5B
             :   }

Note that the value of the private key is:

6C 82 A5 62 CB 80 8D 10 D6 32 BE 89 C8 51 3E BF
6C 92 9F 34 DD FA 8C 9F 63 C9 96 0E F6 E3 48 A3
52 8C 8A 3F CC 2F 04 4E 39 A3 FC 5B 94 49 2F 8F
03 2E 75 49 A2 00 98 F9 5B


Ed448 public key (the first test vector in RFC8032):

Public Key Information:
    Public Key Algorithm: EdDSA448
    Algorithm Security Level: Ultra

Public Key Usage:

Public Key ID: 3a04967761a552db7e9e18c6dba4bd4aae119908
-----BEGIN PUBLIC KEY-----
MEMwBQYDK2VxAzoAX9dEm1m0Yf0s54fsYWrUah2hNCSFpw4fig6nXYDpZ3jt8SR2m0bHBhvWeD3x
5Q9s0foavq/oJWGA
-----END PUBLIC KEY-----


Ed448 PKCS#8 v2. The first byte of the private key is zero:
-----BEGIN PRIVATE KEY-----
MIGFAgEBMAUGAytlcQQ7BDkAlY2VelwSNc5qN87ewXgVx3poDdR0OdqYyo/uBy4bnWEwDLG3dHXO
p+usJ1j3LxKJXlLXuR1HeQahPAM6APhztQF4TM64dZqkG41k/xfFx8cD346La7OO3tdx1s7eWRnh
/D+8vavt+fTgtDVtKgNq9hGF7z3YgA==
-----END PRIVATE KEY-----


Ed448 PKCS#8 v2. The last byte of the private key is zero:
-----BEGIN PRIVATE KEY-----
MIGFAgEBMAUGAytlcQQ7BDmB0i639YAUIxrkaJKyasoRPI/sVNywUPCC2G6LFgMH6u4K5aEaOH2m
BQ4BPulPRikPE0RqH+M/yAChPAM6AO45hh9/sUCg4JD4SIOZmB4eBBemoVXmDp/U95GzOnE1oIgf
TWQErk0VdzozIHu4AsIqup3RIZ7PAA==
-----END PRIVATE KEY-----


Ed448 PKCS#8 v2. The first byte of the public key is zero:
-----BEGIN PRIVATE KEY-----
MIGFAgEBMAUGAytlcQQ7BDn7w37WCHYkgzuWFxIp9s1UZdjBRWLCHQErJnYslwhzgarOZ4p5EnP5
JnC6y0q9FnZ/vaaqdgZSOVOhPAM6AAChrpHbZRZwBDZttZ5zgsK6WSL2jG+gOdwUITv0nOZ8wwv8
NTJ+CDurgoxzllC9o5V22p5f2LDKgA==
-----END PRIVATE KEY-----


Ed448 PKCS#8 v2. The last byte of the public key is zero:
-----BEGIN PRIVATE KEY-----
MIGFAgEBMAUGAytlcQQ7BDluPRT8xhEhgC+tSgkBXH/NcJ3rQcjQwuHuz4C3yoHa8dxx3rl5AoLs
+Msa6yepMSM8szmmA3tDHhWhPAM6AAwjssedathfb9G4JZl44MHQrenIavuVLx7WGWlAyizxOICd
OlNhiNnaG9X82sCHapbYur9B2M7aAA==
-----END PRIVATE KEY-----


INVALID Ed448 PKCS#8 v2. The last byte of the public key has
had its high bit flipped. (In Ed448 the public key has an extra byte not
present in X448.)
-----BEGIN PRIVATE KEY-----
MIGFAgEBMAUGAytlcQQ7BDmO9WySfQhRwpCdsECXiaxQAkMNe9QX2SApkWvjLMw07mXmtIFRWj0+
TblePrcgZtjcDVGCXfj+JgGhPAM6AFWgw4BsOzoCCGWud8wIhJnVVsxQXGqUPO+KySrQKzgR7Vnn
r4JiAANv2azdo57L52bQB3wmjqLbAA==
-----END PRIVATE KEY-----


-Ilari
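
An added example, not part of the original message or of the draft: a strict Python parser for the PKCS#8 layout shown in the ASN.1 dump, run on the v1 key and the first v2 key copied from the message. The function names are this example's own, and it reads the public key as a constructed [1] wrapping a BIT STRING because that is how these vectors encode it.

```python
import base64

ED448_OID = bytes.fromhex("2b6571")  # 1.3.101.113, per the ASN.1 dump in the message

# Base64 bodies of the v1 key and the first v2 key, copied from the message.
V1_B64 = ("MEcCAQAwBQYDK2VxBDsEOWyCpWLLgI0Q1jK+ichRPr9skp803fqMn2PJlg7240ijUoyKP8wvBE45"
          "o/xblEkvjwMudUmiAJj5Ww==")
V2_B64 = ("MIGFAgEBMAUGAytlcQQ7BDkAlY2VelwSNc5qN87ewXgVx3poDdR0OdqYyo/uBy4bnWEwDLG3dHXO"
          "p+usJ1j3LxKJXlLXuR1HeQahPAM6APhztQF4TM64dZqkG41k/xfFx8cD346La7OO3tdx1s7eWRnh"
          "/D+8vavt+fTgtDVtKgNq9hGF7z3YgA==")

def tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (contents, next offset)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("expected tag 0x%02x at offset %d" % (tag, pos))
    length, pos = buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: only the one-byte case these keys need
        if length != 0x81 or pos >= len(buf) or buf[pos] < 0x80:
            raise ValueError("unsupported or non-minimal DER length")
        length, pos = buf[pos], pos + 1
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length

def parse_ed448_pkcs8(der):
    """Return (version, seed, public key or None); raise ValueError if malformed."""
    body, end = tlv(der, 0, 0x30)
    version, pos = tlv(body, 0, 0x02)
    alg, pos = tlv(body, pos, 0x30)
    outer, pos = tlv(body, pos, 0x04)
    seed, inner_end = tlv(outer, 0, 0x04)  # OCTET STRING nested in privateKey
    if end != len(der) or version not in (b"\x00", b"\x01"):
        raise ValueError("trailing data or bad version")
    if alg != b"\x06\x03" + ED448_OID or inner_end != len(outer) or len(seed) != 57:
        raise ValueError("not a 57-byte Ed448 private key")
    pub = None
    if pos < len(body):  # v2 only: [1] wrapping a BIT STRING, as in these vectors
        wrapped, pos = tlv(body, pos, 0xA1)
        bits, bits_end = tlv(wrapped, 0, 0x03)
        if version != b"\x01" or bits_end != len(wrapped) or len(bits) != 58 or bits[0]:
            raise ValueError("bad embedded public key")
        pub = bits[1:]  # drop the unused-bits byte
    if pos != len(body):
        raise ValueError("trailing data inside PrivateKeyInfo")
    return version[0], seed, pub

def demo():
    return [parse_ed448_pkcs8(base64.b64decode(b, validate=True)) for b in (V1_B64, V2_B64)]
```

A structural check like this accepts any well-formed encoding. The INVALID vector's fault is an embedded public key that does not match the private key, which only deriving the Ed448 public key from the seed and comparing the two can detect.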