Add support for loading Ed25519 keys from PKCS#11 and using them
Fixes #946 (closed)
I will have to look into testing this later if needed. So far I have tested manually in OpenSC that I am able to load an EdDSA key into gnutls and use it to create a self-signed certificate:
Key pair generated:
Private Key Object; EC_EDWARDS
label: EDDSA
ID: 05
Usage: decrypt, sign, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
Public Key Object; EC_EDWARDS EC_POINT 255 bits
EC_POINT: 0420aa0e50140a7f0c88f0cbcfb97a82f50814c22968f9547da18756a513b95ffbc6
EC_PARAMS: 130c656477617264733235353139
label: EDDSA
ID: 05
Usage: encrypt, verify, wrap, derive
Access: local
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 52200fa099f0b6dc47e0ac7edebedb27f3e9f871
Validity:
Not Before: Fri Feb 28 15:16:17 UTC 2020
Not After: Sat Feb 27 15:16:17 UTC 2021
Subject: O=OpenSC
Subject Public Key Algorithm: EdDSA (Ed25519)
Algorithm Security Level: High (256 bits)
Curve: Ed25519
X:
aa:0e:50:14:0a:7f:0c:88:f0:cb:cf:b9:7a:82:f5:08
14:c2:29:68:f9:54:7d:a1:87:56:a5:13:b9:5f:fb:c6
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: none@example.org
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
09322de3f242ea5066c96ae46c1b27104ac453be
Other Information:
Public Key ID:
sha1:09322de3f242ea5066c96ae46c1b27104ac453be
sha256:60bfb7e740ca4cd3ca05fae5a6bdc2a6be51d635e998e9a8bf9f31ea70356f1a
Public Key PIN:
pin-sha256:YL+350DKTNPKBfrlpr3Cpr5R1jXpmOmov58x6nA1bxo=
Signing certificate...
Using slot 0 with a present token (0x1b840330)
Created certificate:
Certificate Object; type = X.509 cert
label: EDDSA
subject: DN: O=OpenSC
ID: 05
Checklist
- Commits have Signed-off-by: with name/author being identical to the commit author
- Code modified for feature
- Test suite updated with functionality tests
- Test suite updated with negative tests
- Documentation updated / NEWS entry present (for non-trivial changes)
- CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)
Reviewer's checklist:
- Any issues marked for closing are addressed
- There is a test suite reasonably covering new functionality or modifications
- Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
- This feature/change has adequate documentation added
- No obvious mistakes in the code
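
Added example (not part of the merge request or of GnuTLS): a Python check that decodes the EC_PARAMS and EC_POINT values from the token listing above, confirms that the token's public key equals the certificate's X value, and computes an SPKI pin to compare against the Public Key PIN line. The function names are hypothetical, and accepting a bare 32-byte EC_POINT or the OID form of EC_PARAMS is an assumption about other tokens, not something shown in this output.

```python
import base64
import hashlib

# Values copied from the pkcs11 listing and certificate dump on this page.
EC_PARAMS = bytes.fromhex("130c656477617264733235353139")
EC_POINT = bytes.fromhex(
    "0420aa0e50140a7f0c88f0cbcfb97a82f50814c22968f9547da18756a513b95ffbc6")
CERT_X = ("aa:0e:50:14:0a:7f:0c:88:f0:cb:cf:b9:7a:82:f5:08:"
          "14:c2:29:68:f9:54:7d:a1:87:56:a5:13:b9:5f:fb:c6")


def read_tlv(buf):
    """Parse one short-form DER TLV that must fill the whole buffer."""
    if len(buf) < 2 or buf[1] & 0x80 or len(buf) != 2 + buf[1]:
        raise ValueError("malformed or long-form DER element")
    return buf[0], buf[2:]


def curve_from_params(params):
    """Accept EC_PARAMS as PrintableString curve name or as OID 1.3.101.112."""
    element = read_tlv(params)
    if element in ((0x13, b"edwards25519"), (0x06, bytes.fromhex("2b6570"))):
        return "Ed25519"
    raise ValueError("EC_PARAMS does not name Ed25519")


def raw_point(point):
    """Return the 32-byte public key, unwrapping the OCTET STRING if present."""
    if len(point) == 32:  # assumption: a token may return the bare key
        return point
    tag, value = read_tlv(point)
    if tag != 0x04 or len(value) != 32:
        raise ValueError("EC_POINT is not a 32-byte OCTET STRING")
    return value


def key_matches_cert(point, cert_x):
    """True when the token's public key equals the certificate's X value."""
    return raw_point(point) == bytes.fromhex(cert_x.replace(":", ""))


def spki_pin(raw):
    """Base64 SHA-256 over the RFC 8410 SubjectPublicKeyInfo (RFC 7469 pin)."""
    spki = bytes.fromhex("302a300506032b6570032100") + raw
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()


if __name__ == "__main__":
    print(curve_from_params(EC_PARAMS), key_matches_cert(EC_POINT, CERT_X))
    print("pin-sha256:" + spki_pin(raw_point(EC_POINT)))
```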