feature request: RSA key generation support #296

Closed
cpu opened this issue Dec 13, 2023 · 1 comment · Fixed by #315
cpu commented Dec 13, 2023

Problem:

It looks as though aws-lc-rs shares the same API limitation as ring with respect to key generation being supported for EcdsaKeyPair and Ed25519KeyPair, but not RsaKeyPair.

As we're evaluating using aws-lc-rs as a backend for rcgen it would be really nice if aws-lc-rs supported RSA key generation. There's a class of use-case (e.g. Rustls' integration tests) where we have to use the openssl command line in order to generate RSA keypairs. Having support for this in rcgen would make replacing that usage feasible.

Solution:

aws-lc-rs could augment the RsaKeyPair struct to offer methods for generating a keypair comparable to those offered by Ed25519KeyPair and EcdsaKeyPair.

  • Does this change any public APIs? Yes: the RsaKeyPair struct would gain a generate_pkcs8 and possibly a generate_pkcs1 fns.
  • Which algorithm(s) will this impact? RSA.

Requirements / Acceptance Criteria:

It must be possible to generate an RSA keypair with both the public and private components. It should be convenient to load the serialized private key using the existing RsaKeyPair::from_pkcs8 and RsaKeyPair::from_der methods. Acceptance should look something like an end-to-end test generating a RSA keypair, loading it, using it to produce a signature, and then verifying the signature.
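The generate, load, sign, verify flow described in the acceptance criteria, done with the `openssl` command line that the issue says is currently used for RSA keys. This is an added example, not part of the original issue and not code from aws-lc-rs, rcgen or Rustls; the function name, file names and message contents are constructed for the demo, and it assumes `openssl` is on the PATH.

```shell
#!/bin/sh
# Added example: RSA round trip with the openssl CLI.
# rsa_roundtrip DIR writes every artifact into DIR (hypothetical helper name).
rsa_roundtrip() {
    dir=$1
    # 1. Generate a 2048-bit RSA private key (PEM). Keep DIR private (0700).
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/key.pem" 2>/dev/null || return 1
    # 2. Serialize it as unencrypted PKCS#8 DER, the kind of input a
    #    from_pkcs8-style loader expects.
    openssl pkcs8 -topk8 -nocrypt -in "$dir/key.pem" \
        -outform DER -out "$dir/key.p8.der" || return 1
    # 3. Export the public half for the verifier.
    openssl pkey -in "$dir/key.pem" -pubout -out "$dir/pub.pem" || return 1
    # 4. Load the DER key again and sign a constructed message with it.
    printf 'constructed test message\n' > "$dir/msg.txt"
    openssl dgst -sha256 -sign "$dir/key.p8.der" -keyform DER \
        -out "$dir/sig.bin" "$dir/msg.txt" || return 1
    # 5. The signature must verify against the public key.
    openssl dgst -sha256 -verify "$dir/pub.pem" -signature "$dir/sig.bin" \
        "$dir/msg.txt" >/dev/null || return 1
    # 6. Negative check: the same signature must NOT verify for other data.
    printf 'tampered message\n' > "$dir/bad.txt"
    if openssl dgst -sha256 -verify "$dir/pub.pem" -signature "$dir/sig.bin" \
        "$dir/bad.txt" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Stand-alone run in a throwaway directory (mktemp -d creates it mode 0700).
workdir=$(mktemp -d)
if rsa_roundtrip "$workdir"; then
    echo "RSA round trip OK"
else
    echo "RSA round trip failed" >&2
fi
rm -rf "$workdir"
```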

@skmcgrail
Member

I have a branch for RSA OAEP support that also adds RSA key generation. I just need to rebase that branch and open a PR for the change.

github-merge-queue bot pushed a commit to rustls/rcgen that referenced this issue Jan 12, 2024
From the release 0.12 of rcgen #202, we must now choose `ring` or `aws_lc_rc` as a feature.
Because `rustls_cert_gen` has `default-features = false`, its build is
currently broken.

This PR activates the `aws_lc_rc` feature, because soon it will get RSA key
generation support aws/aws-lc-rs#296, so it
will provide more options.

But we could also change it to default to whatever `rcgen` default or
use `ring` as default depending on your preferences.