Is it possible for this script to support ECDSA? #83
Comments
Hmmm, maybe, but can it be added and keep the script under 200 lines?
I implemented EC keys support, but I haven't noticed 200 SLOC disclaimer (sorry!), so, if you count the empty lines and comments, the script grew above the threshold. Well, I guess I can easily cut out at least 11 lines that parse DER, by making code more cryptic (will have to rely on "magic" offsets instead of calling
Uh. Well, I had managed to squeeze everything down to 200 lines exactly, but that went against the very idea of why the limitation is there and felt like participating in an obfuscated programming contest. I don't like what I did, and did that only to see if having low I think I'll give up at this point. It works for me, anyway. Whoever has any good idea how to make this into a good PR, suitable for the project, please do so.
I agree with @drdaeman.
Make it a round number: 256 lines.
You can get ECDSA server certificates without any changes, which is what the thread linked was regarding. Do they accept ECDSA account keys?
ECDSA works great. As you can see @ https://www.weblogzwolle.nl also with a secp384r1 curve. This is how I do it, maybe it helps you: http://pastebin.com/cRAtip4z
Confirmed, using info from the paste that @HansVanEijsden gave I was able to create an ECDSA certificate. More accurately: I used my RSA account.key (I believe that doesn't matter here, it is for authenticating "me" into LE, not relating to the certificate itself) and EC domain.key. Currently Let's Encrypt only has an RSA intermediate, but that will also change in the future. I don't know whether LE/ACME/Boulder will automatically sign EC.csr with an EC intermediate or whether it involves some sort of manual switch/parameter... This is something acme-tiny might need to be prepared for when it happens (currently their upcoming features says "Before March 31, 2017"). Otherwise EC(DSA) certificate making works well in the current situation.
Any update on merging this?
One can always fork it ... I'm using my own fork, but need to upgrade it as well.
So what is the problem? ECDSA-certs already... Just read this ticket...
I was actually speaking of @drdaeman implementation of ECDSA account key support, ecdsa for domain key is already supported.
Ah.. well.. this ticket was originally AFAIK about ECDSA cert-key, not account...
@rotanid I do still very much care about acme-tiny and I use it in my systems all the time. Adding features !== not caring. As far as ECDSA support, I'm open to pull requests as long as it stays tiny. I just haven't started playing around with them very much myself so I haven't dug into how hard that would be.
So, could we just close this ticket as ECDSA certificate (keys) works without problems with current script, as they have always, or what are we really waiting for? :)
I think this is about ECDSA account keys, not domain certificate keys, right?
AFAIK original question was not about account keys, while almost immediately by some twist or oversight talk steered into account keys... if we are purely talking about account keys, then maybe change title or do new more specific issue? :)
Hello,
Let's Encrypt now supports ECC keys, is it possible for you to update this script?
You can check here:
https://community.letsencrypt.org/t/ecdsa-testing-on-staging/8809
Thank you for your kind reply.
Li