SNOW-3017609: Support ECDSA keys for key-pair authentication

[jesusmgg]

What is the current behavior?

Key-pair authentication only accepts RSA keys.

Using an ECDSA private key raises:
Private key type (_EllipticCurvePrivateKey) not supported. Please provide a valid rsa private key in DER format as bytes object.

What is the desired behavior?

Support EllipticCurvePrivateKey for key-pair authentication:

• Accept EC keys with curves P-256, P-384, P-521
• Select JWT algorithm based on curve:
  • P-256 (secp256r1) → ES256
  • P-384 (secp384r1) → ES384
  • P-521 (secp521r1) → ES512
• Raise clear error for unsupported curves

How would this improve snowflake-connector-python?

Snowflake server already supports ECDSA keys for JWT authentication. EC keys provide equivalent security to RSA with smaller key sizes (256-bit EC ≈ 3072-bit RSA), making them easier to manage and transmit.

I have a working implementation and will submit a PR with unit tests.

References and other background

Snowflake JWT documentation: https://docs.snowflake.com/en/developer-guide/sql-api/authenticating#using-key-pair-authentication

[sfc-gh-dszmolka]

thank you for submitting this enhancement request @jesusmgg and especially if you're willing to provide an implementation for it too ;) the team will review the PR once it's up, and in parallel if you end up deciding not raising a PR for it that's also completely fine (in this case please reach out to your Snowflake Sales representative to let them know about this requirement)