Use deterministic signatures for ECDSA keys.
This is now considered the preferred approach across the board for ECDSA, because with the traditional random "k" parameter, any entropy problem at all, even a single bit of bias in "k", results in a complete compromise (see https://en.wikipedia.org/wiki/ECDSA#Security). The deterministic algorithm doesn't have this downside.
This commit is contained in:
parent
4eb7720fae
commit
fded67e712
|
@ -21,6 +21,8 @@ L{ECDSAKey}
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import binascii
|
import binascii
|
||||||
|
import hashlib
|
||||||
|
|
||||||
from ecdsa import SigningKey, VerifyingKey, der, curves
|
from ecdsa import SigningKey, VerifyingKey, der, curves
|
||||||
from Crypto.Hash import SHA256
|
from Crypto.Hash import SHA256
|
||||||
from ecdsa.test_pyecdsa import ECDSA
|
from ecdsa.test_pyecdsa import ECDSA
|
||||||
|
@ -98,9 +100,8 @@ class ECDSAKey (PKey):
|
||||||
return self.signing_key is not None
|
return self.signing_key is not None
|
||||||
|
|
||||||
def sign_ssh_data(self, rpool, data):
|
def sign_ssh_data(self, rpool, data):
|
||||||
digest = SHA256.new(data).digest()
|
sig = self.signing_key.sign_deterministic(
|
||||||
sig = self.signing_key.sign_digest(digest, entropy=rpool.read,
|
data, sigencode=self._sigencode, hashfunc=hashlib.sha256)
|
||||||
sigencode=self._sigencode)
|
|
||||||
m = Message()
|
m = Message()
|
||||||
m.add_string('ecdsa-sha2-nistp256')
|
m.add_string('ecdsa-sha2-nistp256')
|
||||||
m.add_string(sig)
|
m.add_string(sig)
|
||||||
|
|
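Review bot: In the second hunk `rpool` becomes a dead parameter of sign_ssh_data — sign_deterministic takes no entropy source, so the pool passed by the caller is never read — but nothing in the code records that, and a later maintainer may "fix" it by feeding rpool back in; keep it for the PKey interface and mark it, e.g. `# rpool is intentionally unused: k is derived from the key and message (RFC 6979 in python-ecdsa), so no entropy is consumed`. The hash is now `hashlib.sha256` while the module keeps `from Crypto.Hash import SHA256`, presumably for the verify path outside these hunks; it is worth confirming both sides still agree on SHA-256 for `ecdsa-sha2-nistp256`. sign_deterministic only exists in newer python-ecdsa releases, so the package's declared minimum version (not visible here) should be checked against this change. sign_ssh_data's body continues past the end of the hunk.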