Support for signing algorithms found in AWS KMS #93
Comments
There's currently work going on to add support for ECDSA signatures, and we plan to add it to the spec soon. The main issue right now is finding key and signature serialization formats that would be broadly usable across languages (with existing implementations, etc.).
Thanks for the context and linking the existing work. I do appreciate your purview is broader with support for multiple languages, maintainability etc; it makes sense using Rust in the long term. My team is fortunately only concerned with Java. We have decided to take the protobuf changes for
Great! I've written down how the serialization of P256 should happen in a spec PR. It might be a bit different from the initial Rust test, because I want to make sure it can work across implementations. These requirements should work well with bouncycastle
We are looking at using Biscuit auth in our application but we are currently blocked with only `Ed25519` being supported for signing and verification. The reason we would like other algorithms is so we can have our keys managed by AWS KMS and KMS currently does not support `Ed25519`.

Is there anything in the roadmap to have more algorithm support? If not, we can submit a PR to add support for the `ECC_*` algorithms in KMS along with external signing provider support. However we can only add this to the Java implementation. Would this be something that would be accepted and released or do you require the changes made to the other supported languages?