x/crypto/acme: The client does not correctly support ES512 signatures. #18357
Labels
Milestone
Comments
|
It looks like the error is coming from LetsEncrypt, and not Go's client library. Correct me if I'm wrong. Can other users use P512 with LetsEncrypt? Note that only Go's P256 implementation is both fast (in assembly on amd64 and s390x currently) and constant-time, and LetsEncrypt is largely written in Go, which might be why they don't accept other curves. |
|
Oh, now I see your CL. |
|
CL https://golang.org/cl/34555 mentions this issue. |
rsc
changed the title
c-expert-zigbee
pushed a commit
to c-expert-zigbee/crypto_go
that referenced
this issue
Mar 28, 2022
The correct curve name for ES512 signatures is P-521, not P-512. Author: Matthew Endsley <mendsley@gmail.com>. Fixes golang/go#18357. Change-Id: I8d9ba046780921a9e1a5eaa947b9bcbd12e60e34 Reviewed-on: https://go-review.googlesource.com/34555 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
c-expert-zigbee
pushed a commit
to c-expert-zigbee/crypto_go
that referenced
this issue
Mar 29, 2022
The correct curve name for ES512 signatures is P-521, not P-512. Author: Matthew Endsley <mendsley@gmail.com>. Fixes golang/go#18357. Change-Id: I8d9ba046780921a9e1a5eaa947b9bcbd12e60e34 Reviewed-on: https://go-review.googlesource.com/34555 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
LewiGoddard
pushed a commit
to LewiGoddard/crypto
that referenced
this issue
Feb 16, 2023
The correct curve name for ES512 signatures is P-521, not P-512. Author: Matthew Endsley <mendsley@gmail.com>. Fixes golang/go#18357. Change-Id: I8d9ba046780921a9e1a5eaa947b9bcbd12e60e34 Reviewed-on: https://go-review.googlesource.com/34555 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
BiiChris
pushed a commit
to BiiChris/crypto
that referenced
this issue
Sep 15, 2023
The correct curve name for ES512 signatures is P-521, not P-512. Author: Matthew Endsley <mendsley@gmail.com>. Fixes golang/go#18357. Change-Id: I8d9ba046780921a9e1a5eaa947b9bcbd12e60e34 Reviewed-on: https://go-review.googlesource.com/34555 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
desdeel2d0m
added a commit
to desdeel2d0m/crypto
that referenced
this issue
Jul 1, 2024
The correct curve name for ES512 signatures is P-521, not P-512. Author: Matthew Endsley <mendsley@gmail.com>. Fixes golang/go#18357. Change-Id: I8d9ba046780921a9e1a5eaa947b9bcbd12e60e34 Reviewed-on: https://go-review.googlesource.com/34555 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
What version of Go are you using (
go version)?go version go1.7 linux/amd64
What did you do?
Use a elliptic.P521() key for the acme client signer
example:
https://gist.github.com/mendsley/840ce420b1769b05b4e2a22b12538e8e
What did you expect to see?
No output - Acme client correctly signed request using EC512 key
What did you see instead?
output "Should support ES512 signatures"
The text was updated successfully, but these errors were encountered: