Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature] Importing existing CA: KeyError: 'ecdsa-with-SHA384' #118

Open
MEschenbacher opened this issue Jun 12, 2021 · 5 comments
Open

[feature] Importing existing CA: KeyError: 'ecdsa-with-SHA384' #118

MEschenbacher opened this issue Jun 12, 2021 · 5 comments
Labels
enhancement

Comments

@MEschenbacher
Copy link

MEschenbacher commented Jun 12, 2021
edited
Loading

I'm trying to importing an existing CA certificate which generates an error:

  File "/home/max/git/django-x509/django_x509/base/models.py", line 362, in _import
    self.digest = SIGNATURE_MAPPING[algorithm]
KeyError: 'ecdsa-with-SHA384'
[13/Jun/2021 00:03:38] "POST /admin/django_x509/ca/add/ HTTP/1.1" 500 142363

Looking into django_x509/base/models.py dict SIGNATURE_MAPPING: are EC signatures and certificates/keys supported?
@nemesifier
Copy link
Member

I'm trying to importing an existing CA certificate which generates an error:

  File "/home/max/git/django-x509/django_x509/base/models.py", line 362, in _import
    self.digest = SIGNATURE_MAPPING[algorithm]
KeyError: 'ecdsa-with-SHA384'
[13/Jun/2021 00:03:38] "POST /admin/django_x509/ca/add/ HTTP/1.1" 500 142363

Looking into django_x509/base/models.py dict SIGNATURE_MAPPING: are EC signatures and certificates/keys supported?

@MEschenbacher looks like these are not supported:

django-x509/django_x509/base/models.py

Lines 39 to 45 in 9b3795e

SIGNATURE_MAPPING = {
'sha1WithRSAEncryption': 'sha1',
'sha224WithRSAEncryption': 'sha224',
'sha256WithRSAEncryption': 'sha256',
'sha384WithRSAEncryption': 'sha384',
'sha512WithRSAEncryption': 'sha512',
}

I guess these can be added with a bit of work.

How do you generate an ecdsa cert for testing purposes?

@MEschenbacher
Copy link
Author

Here's a minimal example for creation of the ecdsa certificate:

openssl ecparam -genkey -name secp384r1 | openssl ec -aes256 -out ca.key.pem
openssl req -new -sha384 -key ca.key.pem -out ca.req.pem
openssl req -x509 -sha384 -days 365 -key ca.key.pem -in ca.req.pem -out ca.cert.pem

@nemesifier nemesifier changed the title Importing existing CA: KeyError: 'ecdsa-with-SHA384' [feature] Importing existing CA: KeyError: 'ecdsa-with-SHA384' Jul 18, 2021
@sid-008
Copy link

sid-008 commented Jun 1, 2023

Hey there @nemesisdesign I'd like to take a shot at working on this, how do you propose I start?

@nemesifier
Copy link
Member

Hey there @nemesisdesign I'd like to take a shot at working on this, how do you propose I start?

Start with https://github.com/openwisp/django-x509#installing-for-development, then come to the dev chat to coordinate.

praptisharma28 added a commit to praptisharma28/django-x509 that referenced this issue May 16, 2024
@praptisharma28
[feature] Updated code to handle ECDSA signature algorithm openwisp#118
80113f0 
Fixes openwisp#118
@praptisharma28 praptisharma28 mentioned this issue May 16, 2024
Closed
praptisharma28 added a commit to praptisharma28/django-x509 that referenced this issue May 21, 2024
@praptisharma28
[change] Updated code to handle various algorithms openwisp#118
a27179f 
Fixes openwisp#118
praptisharma28 added a commit to praptisharma28/django-x509 that referenced this issue May 21, 2024
@praptisharma28
[change] Updated code to handle various algorithms openwisp#118
98c5193 
Fixes openwisp#118
@nemesifier
Copy link
Member

To support this feature properly, we must add a way to specify the algorithm used for generating the certificate, which now is hardcoded to be crypto.TYPE_RSA (RSA).

An attempt was made in #140.

@nemesifier nemesifier moved this to To do (Python & Django) in OpenWISP Contributor's Board Aug 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
OpenWISP Contributor's Board
Status: To do (Python & Django)
OpenWISP Priorities for next releases
Status: To do
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[feature] Updated code to handle ECDSA signature algorithm #118 praptisharma28/django-x509
3 participants
@nemesifier @MEschenbacher @sid-008