Haven't tested it with other algorithms, but attempting to generate a Digest-type signature using secp256r1/P-256 (ECDSA) key using SHA-1 hashing algorithm
OpenSSL::PKey::EC.new(File.read('ecdsa.key')).sign(OpenSSL::Digest::SHA1.new, 'foobar')
fails with
OpenSSL::PKey::PKeyError: SHA1WITHEC Signature not available
sign at org/jruby/ext/openssl/PKey.java:223
Cursory investigation brings me to Bouncy Castle, where SHA1WITHECDSA algo does exists.
I have cobbled up a hacky patch to pass ECDSA in around here when PKeyEC instance is in play. It does work (both sign/verify output proper values, cross checked with CRuby's OpenSSL), but am not sure about architectural validity of this approach.
Haven't tested it with other algorithms, but attempting to generate a Digest-type signature using
secp256r1/P-256(ECDSA) key usingSHA-1hashing algorithmfails with
Cursory investigation brings me to Bouncy Castle, where
SHA1WITHECDSAalgo does exists.I have cobbled up a hacky patch to pass
ECDSAin around here whenPKeyECinstance is in play. It does work (both sign/verify output proper values, cross checked with CRuby's OpenSSL), but am not sure about architectural validity of this approach.