What is the current behavior?
Key-pair authentication only accepts RSA keys.
Using an ECDSA private key raises:
Private key type (_EllipticCurvePrivateKey) not supported. Please provide a valid rsa private key in DER format as bytes object.
What is the desired behavior?
Support EllipticCurvePrivateKey for key-pair authentication:
- Accept EC keys with curves P-256, P-384, P-521
- Select JWT algorithm based on curve:
- P-256 (secp256r1) → ES256
- P-384 (secp384r1) → ES384
- P-521 (secp521r1) → ES512
- Raise clear error for unsupported curves
How would this improve snowflake-connector-python?
Snowflake server already supports ECDSA keys for JWT authentication. EC keys provide equivalent security to RSA with smaller key sizes (256-bit EC ≈ 3072-bit RSA), making them easier to manage and transmit.
I have a working implementation and will submit a PR with unit tests.
References and other background
Snowflake JWT documentation: https://docs.snowflake.com/en/developer-guide/sql-api/authenticating#using-key-pair-authentication
What is the current behavior?
Key-pair authentication only accepts RSA keys.
Using an ECDSA private key raises:
Private key type (_EllipticCurvePrivateKey) not supported. Please provide a valid rsa private key in DER format as bytes object.What is the desired behavior?
Support EllipticCurvePrivateKey for key-pair authentication:
How would this improve
snowflake-connector-python?Snowflake server already supports ECDSA keys for JWT authentication. EC keys provide equivalent security to RSA with smaller key sizes (256-bit EC ≈ 3072-bit RSA), making them easier to manage and transmit.
I have a working implementation and will submit a PR with unit tests.
References and other background
Snowflake JWT documentation: https://docs.snowflake.com/en/developer-guide/sql-api/authenticating#using-key-pair-authentication