flywithu/acme.sh
1
0
Fork 0
mirror of https://github.com/hiskang/acme.sh synced 2025-10-30 18:07:15 +00:00
Code Issues Releases Wiki Activity

Support ECC account key.

Browse Source 
fix https://github.com/Neilpang/acme.sh/issues/76

https://tools.ietf.org/html/rfc3278#section-8.2
http://bitcoin.stackexchange.com/questions/2376/ecdsa-r-s-encoding-as-a-signature
http://davidederosa.com/basic-blockchain-programming/elliptic-curve-digital-signatures/
This commit is contained in:
neilpang 2016-10-27 00:06:03 +08:00
parent 5d6fd8099f
commit 998783eb9d
1 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
acme.sh
View File

@ -419,13 +419,29 @@ _sign() {
return 1 return 1
fi fi
_sign_openssl="openssl dgst -sign $keyfile "
if [ "$alg" = "sha256" ] ; then if [ "$alg" = "sha256" ] ; then
openssl dgst -sha256 -sign "$keyfile" | _base64 _sign_openssl="$_sign_openssl -$alg"
else else
_err "$alg is not supported yet" _err "$alg is not supported yet"
return 1 return 1
fi fi
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then
$_sign_openssl | _base64
elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then
_signedECText="$($_sign_openssl | openssl asn1parse -inform DER)"
_debug3 "_signedECText" "$_signedECText"
_ec_r="$(echo "$_signedECText" | _head_n 2 | _tail_n 1 | cut -d : -f 4 | tr -d "\r\n")"
_debug3 "_ec_r" "$_ec_r"
_ec_s="$(echo "$_signedECText" | _head_n 3 | _tail_n 1 | cut -d : -f 4 | tr -d "\r\n")"
_debug3 "_ec_s" "$_ec_s"
printf "%s" "$_ec_r$_ec_s" | _h2b | _base64
else
_err "Unknown key file format."
return 1
fi
} }
#keylength #keylength
@ -695,9 +711,6 @@ createAccountKey() {
fi fi
length=$1 length=$1
if _isEccKey "$length" ; then
length=2048
fi
if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then
_debug "Use default length 2048" _debug "Use default length 2048"
@ -852,7 +865,7 @@ _calcjwk() {
_debug3 pubi "$pubi" _debug3 pubi "$pubi"
pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)"
pubj=$(_math $pubj + 1) pubj=$(_math $pubj - 1)
_debug3 pubj "$pubj" _debug3 pubj "$pubj"
pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")"
@ -862,7 +875,7 @@ _calcjwk() {
xlen=$(_math $xlen / 4) xlen=$(_math $xlen / 4)
_debug3 xlen "$xlen" _debug3 xlen "$xlen"
xend=$(_math "$xend" + 1) xend=$(_math "$xlen" + 1)
x="$(printf $pubtext | cut -d : -f 2-$xend)" x="$(printf $pubtext | cut -d : -f 2-$xend)"
_debug3 x "$x" _debug3 x "$x"