[gnutls-devel] GnuTLS | Add support for loading Ed25519 keys from PKCS#11 and using them (!1200)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Feb 28 16:26:44 CET 2020

Jakub Jelen created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1200

Project:Branches: jjelen/gnutls:eddsa-pkcs11 to gnutls/gnutls:master
Author:    Jakub Jelen

Fixes #946 

I will have to look into testing this later if needed. So far I have tested manually in OpenSC that I am able to load an EdDSA key into gnutls and use it to create a self-signed certificate:
Key pair generated:
Private Key Object; EC_EDWARDS
  label:      EDDSA
  ID:         05
  Usage:      decrypt, sign, unwrap, derive
  Access:     sensitive, always sensitive, never extractable, local
Public Key Object; EC_EDWARDS  EC_POINT 255 bits
  EC_POINT:   0420aa0e50140a7f0c88f0cbcfb97a82f50814c22968f9547da18756a513b95ffbc6
  EC_PARAMS:  130c656477617264733235353139
  label:      EDDSA
  ID:         05
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Generating a self signed certificate...
X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 52200fa099f0b6dc47e0ac7edebedb27f3e9f871
		Not Before: Fri Feb 28 15:16:17 UTC 2020
		Not After: Sat Feb 27 15:16:17 UTC 2021
	Subject: O=OpenSC
	Subject Public Key Algorithm: EdDSA (Ed25519)
	Algorithm Security Level: High (256 bits)
		Curve:	Ed25519
		Basic Constraints (critical):
			Certificate Authority (CA): FALSE
		Subject Alternative Name (not critical):
			RFC822Name: none@example.org
		Key Usage (critical):
			Digital signature.
		Subject Key Identifier (not critical):
Other Information:
	Public Key ID:
	Public Key PIN:

Signing certificate...
Using slot 0 with a present token (0x1b840330)
Created certificate:
Certificate Object; type = X.509 cert
  label:      EDDSA
  subject:    DN: O=OpenSC
  ID:         05

## Checklist
 * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [X] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code
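
An added example, not part of the merge request or of GnuTLS: the `EC_PARAMS` and `EC_POINT` values in the listing above are DER, a PrintableString `edwards25519` and an OCTET STRING wrapping the 32-byte public key, and a strict decoder for that one encoding looks like this in C. The function name is hypothetical, and other encodings a token might use (such as a curve OID) are rejected rather than handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ED25519_PUB_LEN 32

/* Attribute values copied from the token listing in the message above. */
static const uint8_t sample_params[] = {
    0x13, 0x0c, 'e', 'd', 'w', 'a', 'r', 'd', 's', '2', '5', '5', '1', '9' };
static const uint8_t sample_point[] = {
    0x04, 0x20, 0xaa, 0x0e, 0x50, 0x14, 0x0a, 0x7f, 0x0c, 0x88, 0xf0, 0xcb,
    0xcf, 0xb9, 0x7a, 0x82, 0xf5, 0x08, 0x14, 0xc2, 0x29, 0x68, 0xf9, 0x54,
    0x7d, 0xa1, 0x87, 0x56, 0xa5, 0x13, 0xb9, 0x5f, 0xfb, 0xc6 };

/* Accept one DER TLV only if the tag matches and its short-form length
 * covers the buffer exactly; the content then starts at b + 2. */
static int der_exact(const uint8_t *b, size_t n, uint8_t tag)
{
    if (n < 2 || b[0] != tag || (b[1] & 0x80) || (size_t)b[1] != n - 2)
        return -1;
    return b[1]; /* content length */
}

/* Hypothetical helper (not a GnuTLS function): check both attributes and
 * copy out the raw public key. Returns 0 on success, -1 on rejection. */
int ed25519_pub_from_pkcs11(const uint8_t *params, size_t params_len,
                            const uint8_t *point, size_t point_len,
                            uint8_t out[ED25519_PUB_LEN])
{
    static const char curve[] = "edwards25519";
    /* EC_PARAMS: PrintableString (tag 0x13) that must name the curve. */
    if (der_exact(params, params_len, 0x13) != (int)sizeof(curve) - 1 ||
        memcmp(params + 2, curve, sizeof(curve) - 1) != 0)
        return -1;
    /* EC_POINT: OCTET STRING (tag 0x04) wrapping exactly 32 key bytes. */
    if (der_exact(point, point_len, 0x04) != ED25519_PUB_LEN)
        return -1;
    memcpy(out, point + 2, ED25519_PUB_LEN);
    return 0;
}

int main(void)
{
    uint8_t pub[ED25519_PUB_LEN] = {0};
    int rc = ed25519_pub_from_pkcs11(sample_params, sizeof(sample_params),
                                     sample_point, sizeof(sample_point), pub);
    printf("%s, first key byte 0x%02x\n", rc ? "rejected" : "accepted", pub[0]);
    return rc ? 1 : 0;
}
```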
