HTTP Signatures #170

Open
barzamin opened this issue Jan 17, 2019 · 6 comments
Labels
A: Backend Anything related to the backend A: Federation Anything related to federation
Milestone

Comments

@barzamin
Member

Need to implement keypair generation, wire into the publicKey field in actors, and actually do the signature stuff (probably with https://github.com/asonix/http-signatures).

@barzamin barzamin added the A: Federation Anything related to federation label Jan 17, 2019
@barzamin barzamin added this to the alpha milestone Jan 17, 2019
@asonix

asonix commented Jan 17, 2019

Hey! So for information regarding my http-signatures crate, for encoding, it needs a Ring 13.5 RSAKeyPair type, and for decoding it needs a PKCS1 DER encoded Input type (from the untrusted crate, but exported by HTTP Signatures).

Unfortunately, it looks like the only crate in the ecosystem that can generate RSA Keypairs is OpenSSL, which exports to SubjectPublicKeyInfo PEM, PKCS1 PEM, SubjectPublicKeyInfo DER, and PKCS1 DER. Ring can build an RSAKeyPair from PKCS8 PEM, or PKCS1 DER.

It's likely that when using my crate, you'll need to do some translation, because I think Masto and friends use PKCS1 PEM for their plaintext representations (it might be SubjectPublicKeyInfo PEM).

For Aardwolf, I'm storing keys as PKCS1 DER byte arrays in the DB, and I'll do translation to PKCS1 PEM using the OpenSSL crate for plaintext representations.

I should really put some of this in the http-signatures docs

@barzamin
Member Author

@asonix in SignedHeader::verify, key: Input. What's the semantically expected content of key?

@asonix

asonix commented Jan 17, 2019

That's a PKCS1 DER encoded set of bytes. I probably should have just taken a Vec<u8> or &[u8] to make it easier for callers.

@asonix

asonix commented Jan 17, 2019

You can get that from an openssl::rsa::Rsa type with public_key_to_der_pkcs1

@asonix

asonix commented Jan 17, 2019

ACTUALLY I should have created a trait like

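use failure::Fail;
use openssl::{error::ErrorStack, pkey::HasPublic, rsa::Rsa};

// Anything that can produce the PKCS1 DER bytes the verifier expects.
pub trait IntoVerifyType {
    type Error: Fail;

    fn into_verify_type(&self) -> Result<Vec<u8>, Self::Error>;
}

// Covers both Rsa<Public> and Rsa<Private>: either can export the public half.
impl<T: HasPublic> IntoVerifyType for Rsa<T> {
    type Error = ErrorStack;

    fn into_verify_type(&self) -> Result<Vec<u8>, Self::Error> {
        self.public_key_to_der_pkcs1()
    }
}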

and then it can be extended by consumers of my library, or by others in the future

@asonix

asonix commented Jan 18, 2019

Alright, with the openssl feature, it enables the following helpful methods

CreateKey::from_openssl_rsa(Rsa<Private>, ShaSize)

AsVerifyKey::as_verify_key(&self) // for Rsa<Public> and Rsa<Private>

@barzamin barzamin added the A: Backend Anything related to the backend label Jul 23, 2019
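
The thread leaves open whether a peer's key arrives as PKCS1 or SubjectPublicKeyInfo, while the verifier wants PKCS1 DER. As an added example (not part of any comment above, and not code from the http-signatures crate), this std-only Rust walks the DER to tell the two encodings apart and unwrap the SPKI form. The names `KeyDer`, `classify` and `tlv` are hypothetical, and the key bytes are a constructed toy key.

```rust
// Added example, std only: tell PKCS#1 RSAPublicKey DER from SubjectPublicKeyInfo DER.
const RSA_OID: [u8; 9] = [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01];
// Constructed toy key (tiny modulus, unusable): SEQUENCE { INTEGER n, INTEGER 65537 }
const TOY_PKCS1: [u8; 12] = [0x30, 0x0a, 0x02, 0x03, 0x00, 0xc5, 0x3b, 0x02, 0x03, 0x01, 0x00, 0x01];
// The same constructed key wrapped as SubjectPublicKeyInfo (rsaEncryption, NULL params).
const TOY_SPKI: [u8; 32] = [0x30, 0x1e, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
    0x01, 0x05, 0x00, 0x03, 0x0d, 0x00, 0x30, 0x0a, 0x02, 0x03, 0x00, 0xc5, 0x3b, 0x02, 0x03, 0x01, 0x00, 0x01];

#[derive(Debug, PartialEq)]
pub enum KeyDer<'a> { Pkcs1(&'a [u8]), Spki { pkcs1: &'a [u8] } }

/// Read one DER TLV from the front of `buf`: (tag, content, remainder).
fn tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&first, mut rest) = rest.split_first()?;
    let mut len = first as usize;
    if first >= 0x80 {
        let n = (first & 0x7f) as usize; // long form: n length bytes follow
        if n == 0 || n > 4 || rest.len() < n { return None; }
        len = rest[..n].iter().fold(0, |a, &b| (a << 8) | b as usize);
        rest = &rest[n..];
    }
    if rest.len() < len { return None; } // truncated input
    Some((tag, &rest[..len], &rest[len..]))
}

/// Classify a public-key DER blob; for SPKI, return the PKCS#1 bytes inside it.
pub fn classify(der: &[u8]) -> Option<KeyDer<'_>> {
    let (tag, body, trailing) = tlv(der)?;
    if tag != 0x30 || !trailing.is_empty() { return None; }
    let (first_tag, first, rest) = tlv(body)?;
    match first_tag {
        0x02 => { // PKCS#1 public key: exactly two INTEGERs (a private key has more)
            let (t, _, tail) = tlv(rest)?;
            if t == 0x02 && tail.is_empty() { Some(KeyDer::Pkcs1(der)) } else { None }
        }
        0x30 => { // SPKI: AlgorithmIdentifier, then a BIT STRING wrapping PKCS#1
            let (oid_tag, oid, _params) = tlv(first)?;
            let (bs_tag, bits, tail) = tlv(rest)?;
            if oid_tag != 0x06 || oid != &RSA_OID[..] || bs_tag != 0x03 || !tail.is_empty() { return None; }
            let (&unused, inner) = bits.split_first()?; // leading byte = unused-bit count
            match classify(inner)? {
                KeyDer::Pkcs1(p) if unused == 0 => Some(KeyDer::Spki { pkcs1: p }),
                _ => None,
            }
        }
        _ => None,
    }
}

fn main() { println!("{:?} / {:?}", classify(&TOY_PKCS1), classify(&TOY_SPKI)); }
```

A PEM key still has to be base64-decoded first; the armour label (`RSA PUBLIC KEY` for PKCS1, `PUBLIC KEY` for SubjectPublicKeyInfo) is only a hint, so checking the DER itself avoids handing the verifier the wrong structure.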