Hi,
i tried to test the new account key but ran into an problem.
{“type”:“urn:acme:error:malformed”,“detail”:“algorithm ‘ES256’ in JWS header not acceptable”,“status”:400}
It looks like there’s a mismatch between the key you’re using and the signature algorithm you’re specifying. A JWS header specifying an algorithm of “ES256” must correspond to a JWK with an algorithm of “ES256”. Are you perhaps using a different type of key?
I should use the correct key type. But i can understand the question since this is an new account key type.
{"header": {"alg": "ES256", "jwk": {"crv": "P-384", "kty": "EC", "x": "zMIk-N--JuN8vNVPGogS1T0iy7oZDIbaCrZUjA5b-T35XWBp5AcmL8JIxJPDRmQi", "y": "Nt8xva5rZJ-0uWJgO-0aR0OS8PywgFH4HjD6f0a70JbqEy4XPvsZjRgH5d6WLCMO"}}, "protected": "eyJub25jZSI6ICJmS1NzZmM5NVBlU3VuZXFpdDJuTXpfM0dQSUJKMVpqbmZZMk9vY0lXNmVrIn0", "payload": "eyJhZ3JlZW1lbnQiOiAiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIiwgImNvbnRhY3QiOiBbIm1haWx0bzp0ZXN0MUBzdWNoZS5vcmciXSwgInJlc291cmNlIjogIm5ldy1yZWcifQ", "signature": "MGUCMG00hYQmp87EYGhZh-DK07QYAdVldLrspWyKebqis2poHJ4bF-yNhSQXCRD9JUZO-wIxALioMdMwuMhg4CmGo3Hig8rRoBd5HxDZpIbJsJFgp6LTinupJsbx6ayv4VNmSwmVTg"}
206 ms POST https://acme-staging.api.letsencrypt.org/acme/new-reg HTTP-400 Bad Request {"type":"urn:acme:error:malformed","detail":"algorithm 'ES256' in JWS header not acceptable","status":400}
You’re trying to use the ES256 algorithm with a P-384 key. You need to specify the ES384 algorithm for a P-384 key.
My mistake i thought that the hash length isl like RSA independent from the key length.
The ECC key length and SHA-2 hash type is “coupled” apparently:
From RFC 7518:
+--------------+-------------------------------+--------------------+
| "alg" Param | Digital Signature or MAC | Implementation |
| Value | Algorithm | Requirements |
+--------------+-------------------------------+--------------------+
| HS256 | HMAC using SHA-256 | Required |
| HS384 | HMAC using SHA-384 | Optional |
| HS512 | HMAC using SHA-512 | Optional |
| RS256 | RSASSA-PKCS1-v1_5 using | Recommended |
| | SHA-256 | |
| RS384 | RSASSA-PKCS1-v1_5 using | Optional |
| | SHA-384 | |
| RS512 | RSASSA-PKCS1-v1_5 using | Optional |
| | SHA-512 | |
| ES256 | ECDSA using P-256 and SHA-256 | Recommended+ |
| ES384 | ECDSA using P-384 and SHA-384 | Optional |
| ES512 | ECDSA using P-521 and SHA-512 | Optional |
| PS256 | RSASSA-PSS using SHA-256 and | Optional |
| | MGF1 with SHA-256 | |
| PS384 | RSASSA-PSS using SHA-384 and | Optional |
| | MGF1 with SHA-384 | |
| PS512 | RSASSA-PSS using SHA-512 and | Optional |
| | MGF1 with SHA-512 | |
| none | No digital signature or MAC | Optional |
| | performed | |
+--------------+-------------------------------+--------------------+
1 Like
The table i already found. The last point that did make trouble was the DER(r,s) vs. CONCAT(r,s) encoding.
Now i can also work with account keys in EC format.
So again the question is there any date known when this will go productive ?
@tlussnig, the other developers advised me that there was a pull request merged on Boulder to add ECDSA account key support:
Edit: they also told me that the ECDSA account key support should be activated in production at the same time as ECDSA subject keys are, so that is a milestone you can keep an eye out for.
For the milestone there is one issue open “https://github.com/letsencrypt/boulder/issues/792” and this should be in place right now since it is in staging.So even this point can be closed and the milestone would have 100%.