Skip to content

Deprecate ecdsa keytype#1138

Open
PratGit1606 wants to merge 2 commits into
secure-systems-lab:mainfrom
PratGit1606:deprecate-ecdsa-keytype
Open

Deprecate ecdsa keytype#1138
PratGit1606 wants to merge 2 commits into
secure-systems-lab:mainfrom
PratGit1606:deprecate-ecdsa-keytype

Conversation

@PratGit1606

Copy link
Copy Markdown
Contributor

Fixes #363

Emits DeprecationWarning in SSlibKey._verify() when the legacy
keytype strings (ecdsa-sha2-nistp256, ecdsa-sha2-nistp384,
ecdsa-sha2-nistp521) are used as keytype values. The correct keytype
is ecdsa. Backward compatibility is preserved, verification still
succeeds, but users are warned to update their code.

Changes:

  • _key.py: added warnings.warn(DeprecationWarning) in each of the
    three ECDSA verification branches when keytype == scheme
  • __init__.py: added deprecation comment above legacy registry entries
  • CHANGELOG.md: added ## Unreleased### Deprecated section
  • tests/test_signer.py: added test asserting legacy keytype warns and
    correct keytype does not

Note: this PR is stacked on #1137 (add named constants). The diff
currently includes those changes, once #1137 merges this can be
rebased onto main cleanly.

Verified: tox -e lint,py,purepy,py-no-gpg all pass.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Deprecate ecdsa-sha2-nistp256 keytype

1 participant