Comments (19)
I agree with @drdaeman .
It's preferable to increase a bit the number of lines and update the main README "200 SLOC" → "250 SLOC", than to write semi-obfuscated code.
from acme-tiny.
AFAIK the original question was not about account keys, while almost immediately, by some twist or oversight, the talk steered into account keys... if we are purely talking about account keys, then maybe change the title or open a new, more specific issue? :)
from acme-tiny.
Make it a round number: 256 lines.
from acme-tiny.
Confirmed, using info from the paste that @HansVanEijsden gave I was able to create an ECDSA certificate. More accurately: I used my RSA account.key (I believe that doesn't matter here, it is for authenticating "me" to LE, not related to the certificate itself) and an EC domain.key.
Currently Let's Encrypt only has an RSA intermediate, but that will also change in the future. I don't know whether LE/ACME/Boulder will automatically sign EC.csr with an EC intermediate or whether it involves some sort of manual switch/parameter... This is something acme-tiny might need to be prepared for when it happens (currently their upcoming features says "Before March 31, 2017"). Otherwise EC(DSA) certificate making works well in the current situation.
from acme-tiny.
I implemented EC keys support, but I haven't noticed 200 SLOC disclaimer (sorry!), so, if you count the empty lines and comments, the script grew above the threshold.
Well, I guess I can easily cut out at least 11 lines that parse DER, by making the code more cryptic (will have to rely on "magic" offsets instead of calling openssl asn1parse). Then, possibly, remove some safety checks/assertions about key material, as bad data will be rejected by the server anyway...
from acme-tiny.
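An added illustration of the trade-off raised in the comment above, not code from the pull request or from acme-tiny: OpenSSL emits ECDSA signatures as a DER SEQUENCE of two INTEGERs, while JWS (RFC 7518) expects fixed-width r||s, so an ECDSA account key needs a DER step that either checks every field or trusts fixed offsets. That this is the DER the pull request parsed is an assumption; the function names are hypothetical and the sample bytes are constructed.

```python
# Added example (Python 3); names are hypothetical, sample bytes are constructed.

def _read_len(buf, pos):
    """Return (length, next_pos) for the DER length field at buf[pos]."""
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    if first != 0x81 or buf[pos + 1] < 0x80:
        raise ValueError("unsupported or non-minimal DER length")
    return buf[pos + 1], pos + 2          # one-byte long form (enough up to P-521)

def _read_integer(buf, pos):
    """Return (value, next_pos) for a strictly encoded positive INTEGER."""
    if buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length, pos = _read_len(buf, pos + 1)
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length:
        raise ValueError("truncated INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(body, "big"), pos + length

def der_sig_to_jws(der, coord_len):
    """Convert SEQUENCE{INTEGER r, INTEGER s} to fixed-width r||s.

    coord_len is 32 for ES256 (P-256) and 48 for ES384 (P-384).
    """
    try:
        if der[0] != 0x30:
            raise ValueError("expected SEQUENCE tag")
        seq_len, pos = _read_len(der, 1)
        if pos + seq_len != len(der):
            raise ValueError("length does not match input size")
        r, pos = _read_integer(der, pos)
        s, pos = _read_integer(der, pos)
    except IndexError:
        raise ValueError("truncated DER")
    if pos != len(der):
        raise ValueError("unexpected bytes after s")
    if not (0 < r < 1 << 8 * coord_len and 0 < s < 1 << 8 * coord_len):
        raise ValueError("r or s out of range for this curve size")
    return r.to_bytes(coord_len, "big") + s.to_bytes(coord_len, "big")

# Constructed sample: r = 0xff (needs a leading 0x00 in DER), s = 0x01.
SAMPLE_DER = bytes.fromhex("3007020200ff020101")
```

A fixed-offset version would save lines but silently mis-slice whenever r or s is shorter than the curve size or carries the leading 0x00 pad, which is the case the sample exercises.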
ECDSA works great. As you can see @ https://www.weblogzwolle.nl also with a secp384r1 curve. This is how I do it, maybe it helps you: http://pastebin.com/cRAtip4z
from acme-tiny.
@diafygi your version of acme-tiny already supports ECDSA certs, all that is needed is to use ECC-key, like PR #129 implies, nothing is needed to be done to the acme-tiny code itself.
from acme-tiny.
So, could we just close this ticket, as ECDSA certificates (keys) work without problems with the current script, as they always have, or what are we really waiting for? :)
from acme-tiny.
Hmmm, maybe, but can it be added and keep the script under 200 lines?
from acme-tiny.
Uh. Well, I had managed to squeeze everything down to 200 lines exactly, but that went against the very idea of why the limitation is there and felt like participating in an obfuscated programming contest. I don't like what I did, and did that only to see if having low wc -l acme_tiny.py is even possible. The only optimization I actually found good is factoring out all those openssl calls into a function.
I think I'll give up at this point. It works for me, anyway. Whoever has any good idea how to make this into a good PR, suitable for the project, please do so.
from acme-tiny.
You can get ECDSA server certificates without any changes, which is what the thread linked was regarding. Do they accept ECDSA account keys?
from acme-tiny.
Any update on merging this?
I understand the whole <200 lines thing, but isn't adding a major feature worth a few more lines?
from acme-tiny.
@pfoo it seems @diafygi isn't caring about acme-tiny anymore :-(
from acme-tiny.
One can always fork it ... I'm using my own fork, but need to upgrade it as well.
from acme-tiny.
So what is the problem? ECDSA-certs already... Just read this ticket...
from acme-tiny.
I was actually speaking of @drdaeman's implementation of ECDSA account key support; ECDSA for the domain key is already supported.
from acme-tiny.
Ah.. well.. this ticket was originally AFAIK about ECDSA cert-key, not account...
from acme-tiny.
@rotanid I do still very much care about acme-tiny and I use it in my systems all the time. Adding features !== not caring.
As far as ECDSA support, I'm open to pull requests as long as it stays tiny. I just haven't started playing around with them very much myself so I haven't dug into how hard that would be.
from acme-tiny.
I think this is about ECDSA account keys, not domain certificate keys, right?
from acme-tiny.