Comments (6)
The signature algorithms (SHA1, etc.) are all supported so it should not matter. Do you know what the public key algorithms are (RSA, ECDSA, etc.)? Can I have a look at these certificates?
We support the main algorithms (RSA 2048, RSA 4096 and ECDSA P256) but adding new ones should be straightforward.
For sure. I believe they are all ECDSA:
SHA1
GeoTrust_Primary_CA_G2_ECC.pem
VeriSign-Class-2-Public-Primary-Certification-Authority-G2.pem
SHA384
VeriSign-Class-3-Public-Primary-Certification-Authority-G4.pem
Appreciate you bearing with me. I’m just coming up to speed on the internal formats and low-level crypto.
No problem - so from looking at the certificates:
- The GeoTrust and Verisign G4 roots use ECDSA secp384r1 - I will add support for this.
- The VeriSign G2 uses RSA 1024 - this is a very old certificate and algorithm, I'd rather avoid supporting RSA 1024. Also, it seems like this is a legacy root: "It is intended to be the primary root used for these products until Q4 2010 when VeriSign transitions to using a 2048 bit root." ( https://www.symantec.com/theme/roots )
Thanks for checking into that @nabla-c0d3. I agree with your view on 1024/legacy, we’re still discussing it. I’ll relay this back to the Paranoids, but sometimes things aren’t as clean when you run with well over 6,000 certs.
Sure - we are directly in touch with the Paranoids too (we've worked with them for the past three years =) - some of the Yahoo Apps are already using TrustKit) so feel free to open an email thread or we can have a quick call with everyone if that helps.
Moved that discussion to ✉️
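An added example, not part of the thread and not TrustKit's own code: a minimal Python parser that reads the public key algorithm and size from a DER SubjectPublicKeyInfo (the public key structure inside a certificate) and checks it against the algorithms listed as supported above. The function names and the sample keys (valid DER framing with filler key bytes) are assumptions made for illustration.

```python
# Added example: classify a DER SubjectPublicKeyInfo (SPKI) and compare it with
# the algorithms named in the thread. Names and samples here are hypothetical.
RSA_OID = bytes.fromhex("2a864886f70d010101")        # rsaEncryption
EC_OID = bytes.fromhex("2a8648ce3d0201")             # id-ecPublicKey
CURVES = {bytes.fromhex("2a8648ce3d030107"): "ECDSA P256",
          bytes.fromhex("2b81040022"): "ECDSA secp384r1"}
# Supported set as stated in the thread; secp384r1 was only promised there.
SUPPORTED = {"RSA 2048", "RSA 4096", "ECDSA P256"}

def read_tlv(buf, pos, want_tag):
    """Return (value, next_pos) for the DER element that starts at pos."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def classify_spki(der):
    """Return e.g. 'RSA 1024' or 'ECDSA secp384r1' for a DER-encoded SPKI."""
    spki, _ = read_tlv(der, 0, 0x30)                 # SubjectPublicKeyInfo
    alg, after_alg = read_tlv(spki, 0, 0x30)         # AlgorithmIdentifier
    oid, after_oid = read_tlv(alg, 0, 0x06)
    key_bits, _ = read_tlv(spki, after_alg, 0x03)    # BIT STRING holding the key
    if oid == RSA_OID:
        rsa_key, _ = read_tlv(key_bits[1:], 0, 0x30) # skip the unused-bits byte
        modulus, _ = read_tlv(rsa_key, 0, 0x02)
        return "RSA %d" % int.from_bytes(modulus, "big").bit_length()
    if oid == EC_OID:
        curve, _ = read_tlv(alg, after_oid, 0x06)    # named curve parameter
        return CURVES.get(curve, "ECDSA unknown curve")
    return "unknown algorithm"

def is_supported(der):
    return classify_spki(der) in SUPPORTED

# Constructed samples: correct DER headers, filler bytes in place of real keys.
SAMPLE_P256 = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d03010703420004") + b"\x22" * 64
SAMPLE_P384 = bytes.fromhex(
    "3076301006072a8648ce3d020106052b8104002203620004") + b"\x11" * 96
SAMPLE_RSA1024 = (bytes.fromhex(
    "30819f300d06092a864886f70d010101050003818d0030818902818100")
    + b"\xc3" * 128 + bytes.fromhex("0203010001"))

if __name__ == "__main__":
    for name, der in [("P256", SAMPLE_P256), ("P384", SAMPLE_P384),
                      ("RSA1024", SAMPLE_RSA1024)]:
        print(name, classify_spki(der), "supported:", is_supported(der))
```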