Use deterministic signatures for ECDSA keys.
This is now considered the preffered approach across the board for ECDSA. This is because with the traditional, random "k" parameter for ECDSA, any entropy problems at all, even a single bit, about "k", results in a complete compromise (see https://en.wikipedia.org/wiki/ECDSA#Security). The deterministic algorithm doesn't have this downside.
This commit is contained in:
parent
4eb7720fae
commit
fded67e712
|
@ -21,6 +21,8 @@ L{ECDSAKey}
|
|||
"""
|
||||
|
||||
import binascii
|
||||
import hashlib
|
||||
|
||||
from ecdsa import SigningKey, VerifyingKey, der, curves
|
||||
from Crypto.Hash import SHA256
|
||||
from ecdsa.test_pyecdsa import ECDSA
|
||||
|
@ -98,9 +100,8 @@ class ECDSAKey (PKey):
|
|||
return self.signing_key is not None
|
||||
|
||||
def sign_ssh_data(self, rpool, data):
|
||||
digest = SHA256.new(data).digest()
|
||||
sig = self.signing_key.sign_digest(digest, entropy=rpool.read,
|
||||
sigencode=self._sigencode)
|
||||
sig = self.signing_key.sign_deterministic(
|
||||
data, sigencode=self._sigencode, hashfunc=hashlib.sha256)
|
||||
m = Message()
|
||||
m.add_string('ecdsa-sha2-nistp256')
|
||||
m.add_string(sig)
|
||||
|
|
Loading…
Reference in New Issue