[Cryptography-dev] ECDSA Interoperablity with Microsoft CNG-based peer

André Caron andre.l.caron at gmail.com
Thu Aug 18 09:21:17 EDT 2016 

Hi Paul,

> Not at the moment. BN conversions are strictly in the bindings.

Actually, if you look at my previous email, these two little helpers turned
out to work fine for me:

     from cryptography.utils import (
         int_from_bytes,
         int_to_bytes,
     )

> We'd like to eventually have a CNG backend, but we don't have a good
story for merging coverage right now. That said, it probably should live in
a separate repo while it's being worked on so getting coverage data becomes
a simpler issue then.

I didn't mean to say I wanted to add a CNG backend.  I meant adding
conversion functions for P1363 encoding to easy compatibility with a peer
that's CNG based.  Here are the three things I'd be willing to work on:

1. transform from ASN.1 (DER) to P1363
2. transform from P1363 to ASN.1 (DER)
3. equivalent to "EllipticCurvePublicNumbers.from_encoded_point()", but for
private numbers (to load private keys encoded as X, Y and d values in
big-endian octet streams).

Cheers,

André

On Wed, Aug 17, 2016 at 8:45 PM, Paul Kehrer <paul.l.kehrer at gmail.com>
wrote:

> On August 16, 2016 at 11:18:16 PM, André Caron (andre.l.caron at gmail.com)
> wrote:
>
> Hi Alex,
>
> <snip>
>
>
> However, I'm relying on cryptography internals to do this, which is
> definitely not desirable in the medium-long term.  Know of a better way to
> do these conversions by relying only on public APIs?
>
> Not at the moment. BN conversions are strictly in the bindings.
>
>
>
> Also, I guess I'm not the only person that's going to be running into
> this.  Any interest in adding built-in support for this in cryptography?
> If so, I'd be willing to put some effort into a PR.
>
> We'd like to eventually have a CNG backend, but we don't have a good story
> for merging coverage right now. That said, it probably should live in a
> separate repo while it's being worked on so getting coverage data becomes a
> simpler issue then.
>
>
>
> Thanks,
>
> André
>
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20160818/f7bc8f01/attachment-0001.html>

More information about the Cryptography-dev mailing list