RE: ECDSA certificate question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Michael,

I tried to invoke SM3 algorithm in command "openssl req -new -key eckey.pem -x509 -sm3 -nodes -days 365 -out cert.csr", unfortunately got the following error:

	140320586413888:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:crypto/ec/ec_pmeth.c:331:


-----Original Message-----
From: Michael Richardson <mcr+ietf@xxxxxxxxxxxx> 
Sent: Tuesday, September 22, 2020 4:36 PM
To: Yan, Bob <BYan@xxxxxxxx>
Cc: openssl-users@xxxxxxxxxxx
Subject: Re: ECDSA certificate question


Yan, Bob via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
    > Is there a way to generate a ECDSA certificate with SM2 typed public
    > key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x
    > version?

I don't know the detail with the SM3, part, but have you seen:

  https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki-09
  https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki

but, 1.1.1 release notes say it supports SM3. I expect you need to tweak something when "openssl req" is run.

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux