Add ECDSA generation functions to crypto funcs #1388
ECDSAGenerateKey takes one of Go's supported named NIST curves and an argument and returns a newly generated EC private key PEM encoded. ECDSADerivePublicKey takes a PEM encoded EC private key and derives the corresponding public key, which is returned PEM encoded.
Thanks for this, @jbro!! This looked super familiar and then I realized that I wrote almost exactly the same function in a local branch that I never ended up pushing 😅 I'll review this a bit later today when I have more time - there are a few changes from my original (local) design that I'd like made, as well we'll need documentation added. But overall this looks good! Thanks again!
Great minds and all that :-) I'll have a look and see if I can figure out how to add some documentation.
- | | ||
$ gomplate -i '{{ $key := crypto.ECDSAGenerateKey "P-521" -}} | ||
{{ $pub := crypto.ECDSADerivePublicKey $key -}}' | ||
hello |
No need for this example (plus hello as an output doesn't make sense)
- | | |
$ gomplate -i '{{ $key := crypto.ECDSAGenerateKey "P-521" -}} | |
{{ $pub := crypto.ECDSADerivePublicKey $key -}}' | |
hello |
That example is "adapted" from the RSAGenerateKey example, so maybe you want to remove the "hello" from there as well?
The difference is that the RSAGenerateKey example also adds an encrypt & decrypt, so that output makes sense in that context.
$ gomplate -c privKey=./privKey.pem \ | ||
-i '{{ $pub := crypto.ECDSADerivePublicKey .privKey -}}' | ||
hello |
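Review bot: on the -i line the template only assigns $pub and closes the action with "-}}", so nothing is rendered and the "hello" shown as output cannot come from this command. Emit the result of crypto.ECDSADerivePublicKey directly instead of assigning it, and show a PEM public key block as the expected output.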
This'll fail with an error like:
20:40:00 ERR error="Datasources of type application/x-x509-ca-cert not yet supported" experimental=true
We'll need to use -d instead to defer parsing, and then we can use include to include without parsing. Alternatively we could use file.Read, but I don't really like to encourage that 😉
How about this:
$ gomplate -c privKey=./privKey.pem \ | |
-i '{{ $pub := crypto.ECDSADerivePublicKey .privKey -}}' | |
hello | |
$ gomplate -d key=priv.pem -i '{{ crypto.ECDSADerivePublicKey (include "key") }}' | |
-----BEGIN PUBLIC KEY----- | |
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBZvTS1wcCJSsGYQUVoSVctynkuhke | |
kikB38iNwx/80jzdm+Z8OmRGlwH6OE9NX1MyxjvYMimhcj6zkaOKh1/HhMABrfuY | |
+hIz6+EUt/Db51awO7iCuRly5L4TZ+CnMAsIbtUOqsqwSQDtv0AclAuogmCst75o | |
aztsmrD79OXXnhUlURI= | |
-----END PUBLIC KEY----- |
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
b4e4ddb to 975d119
@jbro thanks again for this - I've made a few tweaks and will merge soon. I've been thinking about some more generic
That was super quick, thanks for the feedback and the merge :)
That's a good question. I don't know if the signing and encrypt/decrypt APIs for the different algorithms are similar enough that it is practical. Another thing to consider is that functions with more than one parameter look a bit weird and as I understand it can't be used with the
It'd work with In other words, these are equivalent:
In that case I think it would look much neater as you suggest, with a single function per operation, which take the key scheme as a parameter. Do you think it would somehow be possible to "decorate" the output of
Perhaps! I will take that into consideration 😉
ECDSAGenerateKey takes one of Go's supported named NIST curves and an
argument and returns a newly generated EC private key PEM encoded.
ECDSADerivePublicKey takes a PEM encoded EC private key and derives the
corresponding public key, which is returned PEM encoded.
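
The generate-then-derive flow described above can be reproduced with Go's standard library alone. This is an added example, not code from this pull request or from gomplate: generateKeyPEM and derivePublicKeyPEM are hypothetical names, the "EC PRIVATE KEY" (SEC 1) type for the private key is an assumption, and the curve is passed as an elliptic.Curve value rather than by name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// generateKeyPEM (hypothetical name) creates a key on curve c and returns it as a SEC 1 "EC PRIVATE KEY" PEM block.
func generateKeyPEM(c elliptic.Curve) ([]byte, error) {
	priv, err := ecdsa.GenerateKey(c, rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der}), nil
}

// derivePublicKeyPEM (hypothetical name) parses a PEM EC private key and returns its public half as a PKIX "PUBLIC KEY" PEM block.
func derivePublicKeyPEM(privPEM []byte) ([]byte, error) {
	block, _ := pem.Decode(privPEM)
	if block == nil || block.Type != "EC PRIVATE KEY" {
		return nil, fmt.Errorf("input is not an EC PRIVATE KEY PEM block")
	}
	priv, err := x509.ParseECPrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

func main() {
	priv, err := generateKeyPEM(elliptic.P521())
	if err != nil {
		panic(err)
	}
	pub, err := derivePublicKeyPEM(priv)
	fmt.Printf("%serror: %v\n", pub, err)
}
```

Only the public block is printed; the private key PEM never leaves the process in this sketch.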