Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add

Eric Rescorla <ekr@rtfm.com> Sun, 11 June 2017 06:56 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CA71128D40 for <dcrup@ietfa.amsl.com>; Sat, 10 Jun 2017 23:56:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zyVPkcUkR6xr for <dcrup@ietfa.amsl.com>; Sat, 10 Jun 2017 23:56:11 -0700 (PDT)
Received: from mail-yb0-x232.google.com (mail-yb0-x232.google.com [IPv6:2607:f8b0:4002:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90C041273E2 for <dcrup@ietf.org>; Sat, 10 Jun 2017 23:56:11 -0700 (PDT)
Received: by mail-yb0-x232.google.com with SMTP id f192so22004765yba.2 for <dcrup@ietf.org>; Sat, 10 Jun 2017 23:56:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=E4iCvOZAtdL1iflR78EAYD4D0y7F6CF8AVU2UtasYcs=; b=G6xGiLEnNtvjveBpWCvS6YBp5LFb7XOTzDzDUZE1qgavLZvnSjbD++c4CKKuWsk9i2 NDODd7IUnW7IfiwLDKgCS+BKhtLbWViKGbvVuPD/s9/7QOYz+htFHnlbNE4GpEx90wBs iu6sZs85T5nHRTK0SvJCb8yno+4vDAHZs7skfIykMMlZDjBkgU1wOBDH3gsnnj51pab+ 7yKJ5cAkuAAK8/gep3Mp06OGLlBe/ysnfDLLW36jvfMvfV5FX3EblmLyywvm2s/0RvGl v11U+e2KMxklGfKy6VJeNcpe2bABJBRiBDhEDNXGxoHe46TlFjVn2Yx2VlbXDRGcLhXb 2Cfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=E4iCvOZAtdL1iflR78EAYD4D0y7F6CF8AVU2UtasYcs=; b=mMmgSesQ+MYsNo40/w1nxrsyGS2U6jCHk4l6ELvB3meTXwhirzQ9wi5RyC+eaZ1p76 2kdNfEh6Pvi+Z3XoKWflCzEZoeTat8NiOLfeV5lbgAuMmHe72uTg2ceifYcOjuMNLwYW Mb2Bsul+h9hUzwGDQ/6Bh77P0OCCwezocdI4chhaAc0+7ugMUI8Qe8/LADpMNOUo58sG O06Xddt4ICNAOpmTzQ984Ml0ryE+lyP7HXx5mb1f7XCy3W8wJjrW/IMTD//W8fI8xOXY +Z3dn+biA3mMTgt7mdcGjX2DztRzlHo2f5qcow9ozkwSeOHyyd+NHlI4TTZDCsmUKtEZ vMVQ==
X-Gm-Message-State: AODbwcAsbUrclc6RuQxweC87RFCNz4khXiM2HkgK1mlBWr0K+lg2fe8B F2Nu/puuz9CmgOACyB77yqlKStCCLkdjQkM=
X-Received: by 10.37.44.72 with SMTP id s69mr19676561ybs.89.1497164170821; Sat, 10 Jun 2017 23:56:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.215.144 with HTTP; Sat, 10 Jun 2017 23:55:30 -0700 (PDT)
In-Reply-To: <alpine.OSX.2.21.1706101344460.16992@ary.qy>
References: <20170610125545.14232.qmail@ary.lan> <CABkgnnUAJ6ix3pMB_Y792QOCqRSp2qA9oTSyUCbXP_=P5HRwGA@mail.gmail.com> <CABcZeBMAmjVaJCJwB-qZSpTX0aS-oi1mTduHCdLCM33dWj9P-Q@mail.gmail.com> <alpine.OSX.2.21.1706101205270.16559@ary.qy> <CABcZeBM_P4C8xYDmMEbhAbs1tVPVWk6+UgT7vAcktSNtjVyXCg@mail.gmail.com> <alpine.OSX.2.21.1706101211200.16559@ary.qy> <CABcZeBN9r9XdsJVayMcUE03WJv74MOsefVdwb-CdchVbaKdT1Q@mail.gmail.com> <alpine.OSX.2.21.1706101344460.16992@ary.qy>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 11 Jun 2017 07:55:30 +0100
Message-ID: <CABcZeBNY_iHSfQABb=-+eZ14tkFb=HvOKUgGccM3qqpAZ87jjw@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="001a11432ade9299050551a9b298"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/wuO2XasjA72Z5qVUd_qLJanasbA>
Subject: Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jun 2017 06:56:13 -0000

On Sat, Jun 10, 2017 at 6:48 PM, John R Levine <johnl@taugh.com> wrote:

> Hmmm... That's not really part of the standard RSA signing interface that
>> I'm familiar with. See for instance [0].. Can you send me a pointer to
>> what
>> you have in mind.
>>
>
> I do this to generate the key:
>
> $ openssl genrsa -rand /dev/random -out key.example.com 1024
>
> $ openssl rsa -in key.example.com -pubout | munge > key record
>
> where munge removes the BEGIN/END PUBLIC KEY puts the key on one line


Thanks for the explanation. That helps.


>
>
Somehow that blob includes the key length, since I can change the length
> and the signing and validation code is the same.
>
> For the interface, it would be nice if the EC key were similarly
> self-describing.  Or it may be moot since the key sizes are fixed.


Yes the EC keys are self-describing. They say which curve they are on,
which tells you the length,
so you should be good.

Best
-Ekr


>
> Regards,
> John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly
>