Bonjour,
You may have a classic certificate containing your {X,Ed}{25519,448,whatever} public key once:
* an OID is allocated to identify this type of public key (it will go into tbs.subjectPublicKeyInfo.algorithm.algorithm)
* a set of associated optional parameters are defined for this OID (to go into tbs.subjectPublicKeyInfo.algorithm.parameters)
* a canonical encoding for this type of public key is defined, so the key material can be enclosed into tbs.subjectPublicKeyInfo.subjectPublicKey
This certificate may be RSA-signed or ECDSA-signed (or whatever-signed, in fact).
For a CA to be able to Ed{25519,448,whatever}-sign something, the previous steps must have been done, plus:
* an OID is allocated to identify the signature algorithm to apply (it will not be ECDSA) -> cert.signatureAlgorithm.algorithm
* a set of associated optional parameters are defined for this OID -> cert.signatureAlgorithm.parameters
* a canonical encoding for the signature value is defined, so it can be enclosed into cert.signatureValue
All this is being discussed at CFRG.
Cordialement,
Erwann Abalea
Le 29 juin 2016 ? 16:46, Michael Scott <mike.scott at miracl.com<mailto:mike.scott at miracl.com>> a ?crit :
Hello,
How do I do this? Using the OpenSSL command line tool, a certificate request must be self-signed, but the X25519 elliptic curve (newly supported in version 1.1.0), doesn't do signature, it can only be used for key exchange.
(Of course the X25519 Montgomery curve is birationally equivalent to an Edwards curve which can do signature. And indeed it is our intention to use the Edwards curve. But first I need a CA-signed X25519 cert. But because of the above catch-22 problem, I cannot create one.)
Mike
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160629/9bd98b71/attachment.html>
