Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade codebase to cryptography v42+ #6

Open
smlu opened this issue May 20, 2024 · 4 comments
Open

Upgrade codebase to cryptography v42+ #6

smlu opened this issue May 20, 2024 · 4 comments

Comments

@smlu
Copy link
Member

smlu commented May 20, 2024

Cryptography v42 introduces breaking changes by removing support for bare bone OpenSSL interactions.
Specifically, it breaks Dss1Verifier._recover_F and EC key initialization.
@Ibernato93
Copy link

Ibernato93 commented Sep 23, 2024
edited
Loading

When fix this problem? @smlu @nejc-skerjanc

@smlu
Copy link
Member Author

smlu commented Sep 25, 2024

It's not planned in foreseeable future, however we would accept PR if someone provided it.

@Ibernato93
Copy link

Ibernato93 commented Sep 27, 2024
edited
Loading

the problem is that the cryptography library is not compatible with explicit parameters to obtain keys. We probably need to use openssl for verification.

@smlu
Copy link
Member Author

smlu commented Sep 27, 2024

This is the main issue with porting pymrtd to work with recent versions of cryptography.
Atm pymrtd circumvent explicit EC params issue by hooking onto _EllipticCurvePublicKey.__init__ (pymrtd/pki/keys.py#L258C5-L270)). Cryptography v42 was drastically refactored and broke this hack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smlu @Ibernato93