Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/acme: The client does not correctly support ES512 signatures. #18357

Closed
mendsley opened this issue Dec 16, 2016 · 3 comments
Closed

Comments

@mendsley
Copy link

What version of Go are you using (go version)?

go version go1.7 linux/amd64

What did you do?

Use a elliptic.P521() key for the acme client signer

example:
https://gist.github.com/mendsley/840ce420b1769b05b4e2a22b12538e8e

What did you expect to see?

No output - Acme client correctly signed request using EC512 key

What did you see instead?

output "Should support ES512 signatures"

@bradfitz
Copy link
Contributor

It looks like the error is coming from LetsEncrypt, and not Go's client library. Correct me if I'm wrong. Can other users use P512 with LetsEncrypt?

Note that only Go's P256 implementation is both fast (in assembly on amd64 and s390x currently) and constant-time, and LetsEncrypt is largely written in Go, which might be why they don't accept other curves.

@bradfitz
Copy link
Contributor

Oh, now I see your CL.

@bradfitz bradfitz reopened this Dec 16, 2016
@gopherbot
Copy link

CL https://golang.org/cl/34555 mentions this issue.

@rsc rsc added this to the Soon milestone Jan 4, 2017
@rsc rsc changed the title acme: The client does not correctly support ES512 signatures. x/crypto/acme: The client does not correctly support ES512 signatures. Jan 4, 2017
@bradfitz bradfitz modified the milestones: Unreleased, Soon Feb 19, 2017
@golang golang locked and limited conversation to collaborators Apr 25, 2018
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
The correct curve name for ES512 signatures is P-521, not P-512.
Author: Matthew Endsley <mendsley@gmail.com>.

Fixes golang/go#18357.

Change-Id: I8d9ba046780921a9e1a5eaa947b9bcbd12e60e34
Reviewed-on: https://go-review.googlesource.com/34555
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
The correct curve name for ES512 signatures is P-521, not P-512.
Author: Matthew Endsley <mendsley@gmail.com>.

Fixes golang/go#18357.

Change-Id: I8d9ba046780921a9e1a5eaa947b9bcbd12e60e34
Reviewed-on: https://go-review.googlesource.com/34555
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
The correct curve name for ES512 signatures is P-521, not P-512.
Author: Matthew Endsley <mendsley@gmail.com>.

Fixes golang/go#18357.

Change-Id: I8d9ba046780921a9e1a5eaa947b9bcbd12e60e34
Reviewed-on: https://go-review.googlesource.com/34555
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
The correct curve name for ES512 signatures is P-521, not P-512.
Author: Matthew Endsley <mendsley@gmail.com>.

Fixes golang/go#18357.

Change-Id: I8d9ba046780921a9e1a5eaa947b9bcbd12e60e34
Reviewed-on: https://go-review.googlesource.com/34555
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants