Support ES256 JWK Algo #628
Conversation
Signed-off-by: Joshua Rubin <jrubin@zvelo.com>
Signed-off-by: Joshua Rubin <jrubin@zvelo.com>
There was a problem hiding this comment.
Thank you for your changes, again :)
However, I can't support further divergence of 0.9.x and 0.10.x - 0.9 is advertised as pre-relase and not LTS and I don't want to give the impression that 0.9 is encouraged. If you have issues with upgrading to 0.10 I can help you with that, as you've got so much done here.
|
I agree with you, that's why I have updated the |
|
Ok awesome, that works for me - I'll make a code review and merge if everything checks out! |
| @@ -27,6 +27,6 @@ var keysCreateCmd = &cobra.Command{ | |||
|
|
|||
| func init() { | |||
| keysCmd.AddCommand(keysCreateCmd) | |||
| keysCreateCmd.Flags().StringP("alg", "a", "", "REQUIRED name that identifies the algorithm intended for use with the key. Supports: RS256, ES521, HS256") | |||
| keysCreateCmd.Flags().StringP("alg", "a", "", "REQUIRED name that identifies the algorithm intended for use with the key. Supports: RS256, ES256, ES521, HS256") | |||
There was a problem hiding this comment.
Do you think we should remove ES521 completely?
I think this is all that's necessary to support #627
It looks like support for ES256 is available (
jwk/generator_ecdsa256.go), but that the JWK handler doesn't support it (https://github.com/ory/hydra/blob/master/jwk/handler.go#L27-L38).Go's P-256 is implementation is constant-time (which prevents certain types of attacks) while its P-384 and P-521 are not (https://github.com/gtank/cryptopasta).