ECDSA PKCS#8

[andrewbaxter]

Moving this from #1884

I feel like I'm way out of my depth here, but ec::suite_b::key_pair_from_pkcs8 doesn't look like pkcs8 as I understand it. The code extracts a header (1), then the private key, then the algorithm which looks like the SEC1 ASN.1 encoding, whereas PKCS8 has version (0), then the algorithm, then the private key. But I guess whether it's PKCS#8 or SEC1 it includes the algorithm identifier with curve information.

Am I reading that wrong? I'm still trying to figure out the full taxonomy of crypto data type formats

[briansmith]

It's hard for me to remember all the details, but here's the documentation about the format we're intending to support: https://docs.rs/ring/latest/ring/signature/struct.EcdsaKeyPair.html#method.generate_pkcs8.

[andrewbaxter]

Ah right, thanks! Okay, on closer look pkcs8::unwrap_key is doing the pkcs8 reading, not the ec_private_key.read_all section below it.

The keys extracted from pkcs8 have another layer of asn.1 wrapping defined in RFC 5915, which happens to look very similar to SEC1. That's what ec_private_key.read_all does.