Bug #3438: Invalid default certificate created for existing default key of an identity - ndn-cxx - NDN project issue tracking system

Actions

Copy link

Bug #3438

closed

Invalid default certificate created for existing default key of an identity

Added by Alex Afanasyev over 8 years ago. Updated almost 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Security

Target version:

v0.5

Start date:

01/29/2016

Due date:

% Done:

100%

Estimated time:

Description

When an identity has a default key, but no associated certificate, signing with the identity will result in generating another key and self-signed certificate. Instead, a self-signed certificate should be created in this case.

To reproduce issue (http://gerrit.named-data.net/#/c/2692/1/tests/unit-tests/security/key-chain.t.cpp@422),

KeyChain keyChain;
Name ecdsaIdentity = Name("/ndn/test/ecdsa").appendVersion();
Name ecdsaKeyName = keyChain.generateEcdsaKeyPairAsDefault(ecdsaIdentity, false, 256);
BOOST_CHECK_NO_THROW(keyChain.sign(data, signingByIdentity(ecdsaIdentity)));
BOOST_CHECK_EQUAL(data.getSignature().getType(),
                  KeyChain::getSignatureType(EcdsaKeyParams().getKeyType(), DIGEST_ALGORITHM_SHA256));
BOOST_CHECK(ecdsaIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName()));

if no certificate is available for the default key and its type does not corresponds to the DEFAULT_KEY_PARAMS a new pair of DEFAULT_KEY_PARAMS keys is created, set as default and used for
signing. Solved by checking the type of key of the default key pair for the identity.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

NFD » ndn-cxx

Tags

Bug #3438

Invalid default certificate created for existing default key of an identity

Updated by Alex Afanasyev over 8 years ago

Updated by Junxiao Shi over 8 years ago

Updated by José Quevedo over 8 years ago

Updated by Alex Afanasyev about 8 years ago

Updated by Alex Afanasyev almost 8 years ago