PKI.js icon indicating copy to clipboard operation
PKI.js copied to clipboard

Published 20 hours ago verified publisher icon PeculiarVentures

Add support for 25519 and 448

Open rmhrisk opened this issue 8 years ago • 14 comments

https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/

rmhrisk avatar Feb 02 '17 04:02 rmhrisk

FYI: There's a proposal to bring Curve25519 to WebCrypto (see also https://github.com/tQsW/webcrypto-curve25519/issues/6). Although I guess we'd also need @peculiar/webcrypto to support it so it can be used on Node.js.

gnarea avatar Jul 13 '20 10:07 gnarea

Support for both curves just landed on Node 15.8: https://github.com/nodejs/node/commit/53a0bdff47

gnarea avatar Feb 02 '21 22:02 gnarea

@gnarea PRs welcomed /cc @microshine

rmhrisk avatar Feb 02 '21 22:02 rmhrisk

I like the idea to support those curves

microshine avatar Feb 03 '21 13:02 microshine

I'll try to have a go in the coming weeks.

Presumably we'll have to change https://github.com/PeculiarVentures/webcrypto too, and make sure that when other engines (e.g., the browser-based one) use of these algorithms a meaningful error is thrown (like "Ed25519 is not supported by this engine").

gnarea avatar Feb 05 '21 15:02 gnarea

@gnarea The latest version of @peculiar/webcrypto supports EdDSA and ECDH-ES mechanisms with (Ed25519, Ed448, X25519 and X448 curves) https://github.com/PeculiarVentures/webcrypto/pull/25

microshine avatar Feb 05 '21 15:02 microshine

@gnarea For which operation do you need those curves (eg CSR/cert generation, chain validation, etc)?

microshine avatar Feb 05 '21 15:02 microshine

Awesome! :clap: :clap:

I only need to do these things with Ed25519/Ed448:

  • Issue certificates.
  • Validate chains.
  • Sign SignedData values.
  • Verify SignedData values.

gnarea avatar Feb 05 '21 15:02 gnarea

I'm going to support those mechanisms in webcrypto-liner too (~1 week)

PKIjs allows supporting new mechanism by extending CryptoEngine. See an example of an extended engine https://github.com/PeculiarVentures/PKI.js/blob/master/examples/NodePKCS12Example/NodeEngine.js

microshine avatar Feb 05 '21 15:02 microshine

That's amazing!

We're in a code freeze right now because we're getting ready to launch, but I'll try it as soon as I can afterwards.

gnarea avatar Feb 05 '21 15:02 gnarea

@gnarea I added an example with an updated liner for trying https://github.com/PeculiarVentures/webcrypto-liner/issues/57#issuecomment-775890398

microshine avatar Feb 09 '21 12:02 microshine

Thanks for the example @microshine! Seems pretty straightforward which is awesome.

gnarea avatar Feb 09 '21 12:02 gnarea

Can you make it possible to encrypt/decrypt with x25519? This is possible with node's webcrypto experiment with 25519 curves.

CMCDragonkai avatar Sep 18 '22 08:09 CMCDragonkai

@CMCDragonkai, that'd require implementing RFC 8418, which I believe would be different from the OP.

That's something I've wanted to contribute for a while but haven't had the chance so far. Maybe if you have the time and the Peculiar Ventures team like the idea of supporting RFC 8418, you could discuss how you'd do implement it and propose a PR.

See also: #254

gnarea avatar Sep 19 '22 11:09 gnarea