ECDSA account key


#1

Hi,
I tried to test the new account key but ran into a problem.

{“type”:“urn:acme:error:malformed”,“detail”:“algorithm ‘ES256’ in JWS header not acceptable”,“status”:400}


#2

It looks like there’s a mismatch between the key you’re using and the signature algorithm you’re specifying. A JWS header specifying an algorithm of “ES256” must correspond to a JWK with an algorithm of “ES256”. Are you perhaps using a different type of key?


#3

I should use the correct key type. But I can understand the question since this is a new account key type.

{“header”: {“alg”: “ES256”, “jwk”: {“crv”: “P-384”, “kty”: “EC”, “x”: “zMIk-N–JuN8vNVPGogS1T0iy7oZDIbaCrZUjA5b-T35XWBp5AcmL8JIxJPDRmQi”, “y”: “Nt8xva5rZJ-0uWJgO-0aR0OS8PywgFH4HjD6f0a70JbqEy4XPvsZjRgH5d6WLCMO”}}, “protected”: “eyJub25jZSI6ICJmS1NzZmM5NVBlU3VuZXFpdDJuTXpfM0dQSUJKMVpqbmZZMk9vY0lXNmVrIn0”, “payload”: “eyJhZ3JlZW1lbnQiOiAiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIiwgImNvbnRhY3QiOiBbIm1haWx0bzp0ZXN0MUBzdWNoZS5vcmciXSwgInJlc291cmNlIjogIm5ldy1yZWcifQ”, “signature”: “MGUCMG00hYQmp87EYGhZh-DK07QYAdVldLrspWyKebqis2poHJ4bF-yNhSQXCRD9JUZO-wIxALioMdMwuMhg4CmGo3Hig8rRoBd5HxDZpIbJsJFgp6LTinupJsbx6ayv4VNmSwmVTg”}
206 ms POST https://acme-staging.api.letsencrypt.org/acme/new-reg HTTP-400 Bad Request {“type”:“urn:acme:error:malformed”,“detail”:“algorithm ‘ES256’ in JWS header not acceptable”,“status”:400}


#4

You’re trying to use the ES256 algorithm with a P-384 key. You need to specify the ES384 algorithm for a P-384 key.


#5

My mistake, I thought that the hash length is, like RSA, independent from the key length.


#6

The ECC key length and SHA-2 hash type are “coupled” apparently:

From RFC 7518:

+--------------+-------------------------------+--------------------+
| "alg" Param  | Digital Signature or MAC      | Implementation     |
| Value        | Algorithm                     | Requirements       |
+--------------+-------------------------------+--------------------+
| HS256        | HMAC using SHA-256            | Required           |
| HS384        | HMAC using SHA-384            | Optional           |
| HS512        | HMAC using SHA-512            | Optional           |
| RS256        | RSASSA-PKCS1-v1_5 using       | Recommended        |
|              | SHA-256                       |                    |
| RS384        | RSASSA-PKCS1-v1_5 using       | Optional           |
|              | SHA-384                       |                    |
| RS512        | RSASSA-PKCS1-v1_5 using       | Optional           |
|              | SHA-512                       |                    |
| ES256        | ECDSA using P-256 and SHA-256 | Recommended+       |
| ES384        | ECDSA using P-384 and SHA-384 | Optional           |
| ES512        | ECDSA using P-521 and SHA-512 | Optional           |
| PS256        | RSASSA-PSS using SHA-256 and  | Optional           |
|              | MGF1 with SHA-256             |                    |
| PS384        | RSASSA-PSS using SHA-384 and  | Optional           |
|              | MGF1 with SHA-384             |                    |
| PS512        | RSASSA-PSS using SHA-512 and  | Optional           |
|              | MGF1 with SHA-512             |                    |
| none         | No digital signature or MAC   | Optional           |
|              | performed                     |                    |
+--------------+-------------------------------+--------------------+

#7

The table I already found. The last point that made trouble was the DER(r,s) vs. CONCAT(r,s) encoding.
Now I can also work with account keys in EC format.

So again the question: is there any date known when this will go productive?
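
The two pitfalls from posts #4 to #7, as an added example that is not part of the thread and is not Boulder or client code: it checks the JWS "alg" against the JWK curve, then converts a DER-encoded ECDSA signature into the fixed-width r || s form that JWS uses (RFC 7518, section 3.4). The function names are hypothetical and the sample signature is constructed, not a real one.

```python
import base64
# RFC 7518: each ECDSA "alg" is tied to one curve; value = (crv, byte width of r and s)
ES_ALGS = {"ES256": ("P-256", 32), "ES384": ("P-384", 48), "ES512": ("P-521", 66)}

def check_alg(alg, jwk):
    """Return the r/s width for alg, or raise if the JWK curve does not match it."""
    if alg not in ES_ALGS:
        raise ValueError(f"not an ECDSA JWS algorithm: {alg}")
    crv, width = ES_ALGS[alg]
    if jwk.get("kty") != "EC" or jwk.get("crv") != crv:
        raise ValueError(f"{alg} requires an EC key on {crv}, got {jwk.get('crv')}")
    return width

def _length(buf, pos):
    """Decode a DER length starting at pos; return (length, offset of the content)."""
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    n = buf[pos] & 0x7F
    if n not in (1, 2):
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _integer(buf, pos):
    """Decode a non-negative DER INTEGER at pos; return (value, next offset)."""
    size, start = _length(buf, pos + 1)
    if buf[pos] != 0x02 or size == 0 or start + size > len(buf) or buf[start] & 0x80:
        raise ValueError("expected a non-negative DER INTEGER")
    return int.from_bytes(buf[start:start + size], "big"), start + size

def der_to_concat(der, width):
    """Convert DER SEQUENCE{r, s} into the fixed-width r || s used in JWS."""
    size, pos = _length(der, 1)
    if der[0] != 0x30 or pos + size != len(der):
        raise ValueError("not a single DER SEQUENCE")
    r, pos = _integer(der, pos)
    s, pos = _integer(der, pos)
    if pos != len(der):
        raise ValueError("unexpected data after s")
    # to_bytes pads short values and raises OverflowError if r or s exceed the width
    return r.to_bytes(width, "big") + s.to_bytes(width, "big")

def jws_signature(alg, jwk, der):
    """base64url "signature" value for the JWS, after checking alg against the key."""
    raw = der_to_concat(der, check_alg(alg, jwk))
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample (not a real signature): r has its top bit set, s is one byte short
R, S = bytes([0x80]) + bytes([1]) * 47, bytes([2]) * 47
SAMPLE_DER = bytes([0x30, 0x64, 0x02, 0x31, 0x00]) + R + bytes([0x02, 0x2F]) + S
```

DER adds a leading zero byte when the top bit of r or s is set and drops leading zero bytes otherwise, so the DER form varies in length while the JWS form is always twice the width.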


#8

@tlussnig, the other developers advised me that there was a pull request merged on Boulder to add ECDSA account key support:

Edit: they also told me that the ECDSA account key support should be activated in production at the same time as ECDSA subject keys are, so that is a milestone you can keep an eye out for.


#9

For the milestone there is one issue open “https://github.com/letsencrypt/boulder/issues/792” and this should be in place right now since it is in staging. So even this point can be closed and the milestone would have 100%.