Re: EDDSA certificates

I have read:  https://github.com/openssl/openssl/issues/487

And I am trying to grok its meaning. I am running Fedora24 (I need to buy a new SSD before upgrading to F26) which has openssl 1.0.2k.

There is a note of a patch to 1.0.2j, but talk about 1.1.1. I have attempted to read

https://gist.github.com/ladar/e45e893901f30f480dd49265ba3c42c0

Is there a command line option for creating an ed25519 cert and if so what version? I tried:

openssl req -new -outform PEM -out certs/$commonName.crt -newkey ed25519 -nodes -keyout private/$commonName.key -keyform PEM -days 3650 -x509 -extensions v3_req -subj "/countryName=$countryName/stateOrProvinceName=$stateOrProvinceName/localityName=$localityName/organizationName=$organizationName/organizationalUnitName=$organizationalUnitName/commonName=$commonName/emailAddress=$emailAddress"

And got:

Unknown algorithm ed25519

thanks.

On 07/27/2017 10:45 AM, Benjamin Kaduk wrote:
> On 07/27/2017 09:18 AM, Robert Moskowitz wrote:
>> Rich,
>>
>> Meant to ask you about this at IETF.
>>
>> Given draft-ietf-curdle-pkix-05.txt sec 10, is there openssl code to produce these???
>
> There is code to validate them, per commit 4328dd41582bcdca8e4f51f0a3abadfafa2163ee. I didn't look hard enough to find how to generate them, but it ought to be there too.
>
>> And, relatedly, what do you think about CBOR encoding rather than ASN.1? Kill ASN.1 in constrained devices and save on transmission costs?
>
> It seems hard to shift a big ecosystem and introduce risk of incompatibility, but I haven't really thought about it.
>
> -Ben

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
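
Added example, not part of the original message or of the OpenSSL project's own material: one way to produce the self-signed Ed25519 certificate the command above was attempting, assuming OpenSSL 1.1.1 or later (the release series that added Ed25519), with a check that reports the "Unknown algorithm" case on older builds. The function names, file names and subject are constructed for illustration.

```shell
#!/bin/sh
# Added example: self-signed Ed25519 certificate with the openssl CLI.
# Assumption: OpenSSL 1.1.1 or later is on PATH. File names, function
# names and the subject are constructed for illustration.

# Succeeds only if this openssl build can generate Ed25519 keys.
# On 1.0.2 the genpkey call fails because the algorithm is not known.
has_ed25519() {
    openssl genpkey -algorithm ED25519 >/dev/null 2>&1
}

# make_ed25519_cert DIR CN
# Writes DIR/key.pem and DIR/cert.pem, then prints the certificate's
# "Signature Algorithm" line so the result can be checked.
make_ed25519_cert() {
    dir=$1
    cn=$2

    has_ed25519 || {
        echo "no Ed25519 support in: $(openssl version)" >&2
        return 1
    }
    mkdir -p "$dir" || return 1

    # Minimal request config so the run does not depend on the system
    # openssl.cnf; the CN here is overridden by -subj below.
    printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = placeholder\n' \
        > "$dir/req.cnf"

    # Generate the private key with owner-only permissions.
    ( umask 077; openssl genpkey -algorithm ED25519 -out "$dir/key.pem" ) || return 1

    # Self-sign. No digest option is passed: Ed25519 signs the data
    # directly rather than a separately chosen hash.
    openssl req -new -x509 -config "$dir/req.cnf" -key "$dir/key.pem" \
        -days 3650 -subj "/CN=$cn" -out "$dir/cert.pem" || return 1

    openssl x509 -in "$dir/cert.pem" -noout -text | grep -m1 'Signature Algorithm'
}
```

Calling `make_ed25519_cert ./out host.example` on a build without Ed25519 prints the installed version and returns non-zero instead of leaving partial files behind.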


