Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support keys with ED25519 algorithm #216

Open
ckuhlmann opened this issue Dec 7, 2022 · 0 comments
Open

Support keys with ED25519 algorithm #216

ckuhlmann opened this issue Dec 7, 2022 · 0 comments

Comments

@ckuhlmann
Copy link

When trying to use signxml with an ED25519 key/cert, I get the following exception:

_Ed25519PrivateKey.sign() got an unexpected keyword argument 'padding'
  File "[...]\Python310\site-packages\signxml\signer.py", line 252, in sign
    signature = signing_settings.key.sign(signed_info_c14n, padding=PKCS1v15(), algorithm=hash_alg)
  File "[...]\mycode.py", line 8, in <module>
    signed_root = xs.sign(root, key=key, cert=cert)
  File "C:\Program Files\Python310\Lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Program Files\Python310\Lib\runpy.py", line 196, in _run_module_as_main (Current frame)
    return _run_code(code, main_globals, None,

When calling signing_settings.key.sign() with no arguments except the data, line 252 works, but I haven't checked for any errors that might follow.

My code:

from lxml import etree
from signxml import XMLSigner, XMLVerifier
data_to_sign = '<root><a><b/>abc</a></root>'
cert = open("xyz_svr_chain.pem").read()
key = open("xyz_svr.key").read()
root = etree.fromstring(data_to_sign)
xs = XMLSigner()
signed_root = xs.sign(root, key=key, cert=cert)

and this is the info for the cert and ca-cert:

CSR:

Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: O = XYZ, C = DE, CN = srv.xyz.lab.corpxyz.com
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    04:50:85:02:7c:69:74:b1:ab:77:0d:73:06:1d:ff:
                    e5:e4:2b:90:ff:27:6d:2a:7a:05:89:fe:64:b1:ec:
                    d8:9d
        Attributes:
        Requested Extensions:
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, Code Signing, E-mail Protection, Time Stamping
            X509v3 Subject Alternative Name:
                DNS:srv.xyz.lab.corpxyz.com, DNS:srvr.xyz.lab.corpxyz.com, DNS:localhost
    Signature Algorithm: ED25519
         c9:79:f3:ce:1f:91:ef:62:69:8d:58:2f:3b:18:62:57:9c:bf:
         34:f3:b6:cb:8f:de:f5:16:89:1d:2c:47:2d:e4:ab:8d:31:3f:
         bc:05:80:94:ab:cd:63:d9:39:b2:a6:1f:00:a7:8c:5f:d9:b0:
         1b:03:f9:c7:6b:ae:1d:4b:99:0e

Cert:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            50:2b:c5:f3:c3:ca:8c:7d:5f:bf:8b:de:60:8d:ad:58:84:90:22:95
        Signature Algorithm: ED25519
        Issuer: O = XYZ, C = DE, CN = ca.xyz.lab.corpxyz.com
        Validity
            Not Before: Dec  7 17:27:24 2022 GMT
            Not After : Nov 13 17:27:24 2122 GMT
        Subject: O = XYZ, C = DE, CN = srv.xyz.lab.corpxyz.com
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    04:50:85:02:7c:69:74:b1:ab:77:0d:73:06:1d:ff:
                    e5:e4:2b:90:ff:27:6d:2a:7a:05:89:fe:64:b1:ec:
                    d8:9d
    Signature Algorithm: ED25519
         03:3b:66:4f:65:ba:92:02:94:c7:37:8d:59:f2:44:c2:b9:ce:
         33:e6:c0:a6:38:3d:6e:f9:ec:fe:01:d8:af:ef:8c:e6:73:36:
         e5:94:15:d0:c0:f7:6d:11:62:6d:8f:d2:48:7d:6f:06:41:e0:
         4e:5b:51:9d:2c:22:ae:c9:8e:03

CA-Cert:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            5f:2a:43:7c:09:27:94:32:bb:99:18:48:f2:da:12:a4:2e:fb:62:94
        Signature Algorithm: ED25519
        Issuer: O = XYZ, C = DE, CN = ca.xyz.lab.corpxyz.com
        Validity
            Not Before: Dec  7 17:27:21 2022 GMT
            Not After : Nov 13 17:27:21 2122 GMT
        Subject: O = XYZ, C = DE, CN = ca.xyz.lab.corpxyz.com
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    71:c4:53:63:be:90:16:bb:a6:9c:cd:06:06:6f:56:
                    ba:d1:33:a7:96:0b:07:78:7f:35:4b:1b:ed:db:f0:
                    3f:36
    Signature Algorithm: ED25519
         b8:8e:06:34:bf:5c:f3:28:6c:d2:53:1c:4d:a8:cf:51:8c:22:
         29:cb:e8:ef:97:cb:c5:10:2d:55:b6:bc:7d:fa:0c:63:a9:7d:
         48:15:a6:f1:71:ca:06:0a:71:3e:e7:e9:66:dc:58:b1:80:80:
         ca:59:38:de:b2:23:06:a5:ae:04

Script to generate the certificate is attached.

Please note that I'm not an expert considering certificate generation, so I might have made a mistake there.

Kind regards,
Chris

certgen_script.zip
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ckuhlmann