[Cryptography-dev] Cryptography-dev Digest, Vol 27, Issue 10

Peter Hamilton peter.allen.hamilton at gmail.com
Wed Oct 28 15:14:09 EDT 2015


Thanks for the information Ron, it definitely helps. It actually looks like
as of yesterday EllipticCurvePublicNumbers has a from_encoded_point class
method, which handles converting x/y. I should be able to use
cryptography.utils.int_from_bytes to handle the private_value. With these
two utilities, I should be good to go.

Thanks again!
Peter

On Wed, Oct 28, 2015 at 12:00 PM, <cryptography-dev-request at python.org>
wrote:

> Today's Topics:
>
>    1. Questions on writing EllipticCurve test fixtures (Peter Hamilton)
>    2. Re: Questions on writing EllipticCurve test fixtures
>       (Ron Frederick)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 27 Oct 2015 15:27:25 -0400
> From: Peter Hamilton <peter.allen.hamilton at gmail.com>
> To: cryptography-dev at python.org
> Subject: [Cryptography-dev] Questions on writing EllipticCurve test
>         fixtures
> Message-ID:
>         <CAL97E87hiXuGX40xdrHM7=_WM9mBg3z-A6SnuT-k1BnmHU-7wg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I'm trying to add a tests/hazmat/primitives/fixtures_ec.py file containing
> EllipticCurve fixtures for use in testing the certificate validation
> feature I'm working on, and I have a few questions. I'm using OpenSSL to
> generate EllipticCurve public/private keys, with the intent of then adding
> them in fixtures_ec.py as Python literals (like how fixtures_rsa.py and
> fixtures_dsa.py handle things).
>
> When defining EllipticCurvePrivateNumbers, is the hex string used for the
> private_value argument taken verbatim from the priv field in the
> EllipticCurve private key file, or is it the hex of the integer produced
> after converting the priv hex string according to the rules in RFC 5915 and
> 3447? I have the same questions regarding the x and y fields of the
> EllipticCurvePublicNumbers object that's also needed by
> EllipticCurvePrivateNumbers. It's not clear to me, from looking at the RSA
> and DSA examples, how they're handled so without more context here I'm
> pretty much stuck. I tried backtracking how the EllipticCurvePrivateNumbers
> data is used by the backends but I didn't find anything that shed light on
> the situation.
>
> Also, is OpenSSL the best tool to use here for generating these test
> examples? It's what I've always used but if there's another tool that
> generates the EllipticCurve keys in the format that cryptography expects,
> I'm happy to switch to using that to generate the examples.
>
> Thanks for your time,
> Peter Hamilton
>
> ------------------------------
>
> Message: 2
> Date: Tue, 27 Oct 2015 19:40:49 -0700
> From: Ron Frederick <ronf at timeheart.net>
> To: cryptography-dev at python.org
> Subject: Re: [Cryptography-dev] Questions on writing EllipticCurve
>         test fixtures
> Message-ID: <7D5777C6-3EDD-43C2-89A0-6A2004D17276 at timeheart.net>
> Content-Type: text/plain; charset=utf-8
>
> On Oct 27, 2015, at 12:27 PM, Peter Hamilton <peter.allen.hamilton at gmail.com> wrote:
> > I'm trying to add a tests/hazmat/primitives/fixtures_ec.py file
> > containing EllipticCurve fixtures for use in testing the certificate
> > validation feature I'm working on, and I have a few questions. I'm using
> > OpenSSL to generate EllipticCurve public/private keys, with the intent of
> > then adding them in fixtures_ec.py as Python literals (like how
> > fixtures_rsa.py and fixtures_dsa.py handle things).
> >
> > When defining EllipticCurvePrivateNumbers, is the hex string used for
> > the private_value argument taken verbatim from the priv field in the
> > EllipticCurve private key file, or is it the hex of the integer produced
> > after converting the priv hex string according to the rules in RFC 5915 and
> > 3447? I have the same questions regarding the x and y fields of the
> > EllipticCurvePublicNumbers object that's also needed by
> > EllipticCurvePrivateNumbers. It's not clear to me, from looking at the RSA
> > and DSA examples, how they're handled so without more context here I'm
> > pretty much stuck. I tried backtracking how the EllipticCurvePrivateNumbers
> > data is used by the backends but I didn't find anything that shed light on
> > the situation.
>
> The private value in DER or PEM encoded ECDSA keys is an octet string, but
> it must be converted to an integer before it is passed to
> EllipticCurvePrivateNumbers. In Python, you can use 'int.from_bytes' for
> this, passing in 'big' as the byte order.
>
> The x and y public values in DER or PEM encoded ECDSA values must also be
> converted to integer values before being passed to
> EllipticCurvePublicNumbers. However, they are encoded together in a single
> ASN.1 value which must be first decoded as described in RFC 5480 or
> http://www.secg.org/sec1-v2.pdf.
>
> The point byte string is encoded as an ASN.1 bit string in the case of EC
> private keys, so it must first be decoded as bytes (and confirming that it
> is a multiple of 8 bits long with no padding bits). EC public keys encode
> this in ASN.1 directly as an octet string, so this last point isn't an
> issue there.
>
> There's work going on right now to add EC point encode/decode functions to
> Cryptography, so if you wait a bit you won't need to code that yourself.
> See the discussion at:
>
> https://github.com/pyca/cryptography/issues/2346
>
>
> > Also, is OpenSSL the best tool to use here for generating these test
> > examples? It's what I've always used but if there's another tool that
> > generates the EllipticCurve keys in the format that cryptography expects,
> > I'm happy to switch to using that to generate the examples.
>
> I generally use OpenSSL to generate keys, but it's also possible to use
> 'ssh-keygen'. In addition to PKCS#8 and the older PEM encoding, it supports
> a few more formats, but those are probably only interesting if you are
> looking to interoperate with SSH rather than SSL.
> --
> Ron Frederick
> ronf at timeheart.net
>
>
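
The conversion discussed in this thread, as an added example that is not part of the original messages or of the cryptography project's code: the private value and the encoded point are turned into the integers that EllipticCurvePrivateNumbers and EllipticCurvePublicNumbers take. It assumes P-256 and an uncompressed point; the function names are hypothetical and the sample key is constructed (private value 1, whose public point is the curve generator).

```python
# Standard P-256 domain parameters (field prime, coefficient b, group order).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
FIELD_LEN = 32  # bytes per coordinate on P-256


def hex_field_to_bytes(text):
    """Accept 'aa:bb:cc' (colon-separated) or plain hex, ignoring whitespace."""
    return bytes.fromhex("".join(text.split()).replace(":", ""))


def bit_string_to_bytes(content):
    """Drop the unused-bits octet of a DER BIT STRING; reject padding bits."""
    if not content or content[0] != 0:
        raise ValueError("BIT STRING must be a whole number of octets")
    return content[1:]


def private_value_from_octets(octets):
    """Octet string -> big-endian integer, range-checked against the order."""
    d = int.from_bytes(octets, "big")
    if not 1 <= d < N:
        raise ValueError("private value out of range for P-256")
    return d


def decode_uncompressed_point(point):
    """SEC 1 uncompressed form: 0x04 || X || Y, each FIELD_LEN bytes."""
    if len(point) != 1 + 2 * FIELD_LEN or point[0] != 0x04:
        raise ValueError("not an uncompressed P-256 point")
    x = int.from_bytes(point[1:1 + FIELD_LEN], "big")
    y = int.from_bytes(point[1 + FIELD_LEN:], "big")
    # Reject coordinates that do not satisfy y^2 = x^3 - 3x + b (mod p).
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on P-256")
    return x, y


# Constructed sample input: d = 1, public point = generator G.
SAMPLE_PRIV = "00:" * 31 + "01"
SAMPLE_PUB = ("04"
              "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
              "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")

if __name__ == "__main__":
    d = private_value_from_octets(hex_field_to_bytes(SAMPLE_PRIV))
    x, y = decode_uncompressed_point(hex_field_to_bytes(SAMPLE_PUB))
    print(hex(d), hex(x), hex(y))
```

The on-curve check catches a fixture whose x and y were transcribed with the wrong byte order or a dropped byte, which a plain hex-to-int conversion would accept silently.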