Giters

kristapsdz / acme-client

secure ACME client

Home Page:https://kristaps.bsd.lv/acme-client

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Support ECDSA keys

Warr1024 opened this issue · comments

commented

acme-client doesn't seem to support ECDSA keys yet (for use in the cert, not as the account key), though Let's Encrypt has added support for them.

It would be very nice to at least support loading an externally-generated key, even if having acme-client generate them is too complicated.

commented

I now support ECSDA keys for the certificate. Let's Encrypt restricts which kind you can use: acme-client won't check which one you're using. E.g.:

    Data:
        Version: 3 (0x2)
        Serial Number:
            fa:b3:f8:a0:44:eb:98:f9:c9:2b:87:26:78:45:4f:f0:d0:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Fake LE Intermediate X1
        Validity
            Not Before: Oct 31 18:33:00 2016 GMT
            Not After : Jan 29 18:33:00 2017 GMT
        Subject: CN=xxxxxxxxxx
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    [blahblahblah]
                ASN1 OID: secp384r1
                NIST CURVE: P-384