Re: Creating an X25519 client certificate

On 3/17/21 8:17 PM, Viktor Dukhovni wrote:
On Wed, Mar 17, 2021 at 07:44:05PM -0400, Robert Moskowitz wrote:

I have created my X25519 pub/priv keypair with:

openssl genpkey -algorithm X25519\
       -out $dir/private/$clientemail-X.key.$format

Are you sure you didn't want ed25519 instead?  X25519 is a key agreement
method, not a signature method.

My limited understanding is that for encrypted S/MIME, an ECDH cert
is needed.  Thus if ED25519 is used for signing said S/MIME, X25519 is
used for encrypting.

I see, this is for CMS, so you're trying to support:

     https://tools.ietf.org/html/draft-ietf-curdle-cms-ecdh-new-curves-10

openssl req -config $dir/openssl-intermediate.cnf\
       -key $dir/private/$clientemail-X.key.$format \
       -subj "$DN" -new -out $dir/csr/$clientemail-X.csr.$format

which is what I used for ED25519 client certs.  But I get an error:

140487683954496:error:0608D096:digital envelope
routines:EVP_PKEY_sign_init:operation not supported for this
keytype:crypto/evp/pmeth_fn.c:39:

Not surprising, why do you expect this to work?

Shooting from the hip, a bit.  If I am going to have an X25519 cert,
then I need a csr and this is the command to make one.  So try it and
see what it does.  Not too well, it turns out.

Well, CSRs are self-signed, and X25519 does not support signing, so
you CANNOT have an X25519 CSR.

Slap myself on the forehead....

Of course I know that.  But did not stop to think this through.   :(

Will read through all this and get back here....

You can however create an X25519
certificate directly for a given key:

https://crypto.stackexchange.com/questions/19452/static-dh-static-ecdh-certificate-using-openssl

with other details (names, extensions, ...) pulled from a CSR.
What you can't get is proof of possession.

Oh, and I am ASSuMEing that a CA cert of ED25519 signs an X25519 client
cert.  Haven't found instructions on this, but it seems reasonable...
https://crypto.stackexchange.com/questions/27866/why-curve25519-for-encryption-but-ed25519-for-signatures

Well the CA can use any algorithm that supports signing, and is widely
supported.  It does not have to be Ed25519.
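
Added example, not part of the original messages and not OpenSSL project code: a shell run-through of the route described in the message above, where the CA takes the names from a CSR signed by a separate Ed25519 key and substitutes the X25519 public key with `openssl x509 -force_pubkey`. The throwaway CA, the subjects, the file names, the minimal config and the `keyAgreement` key usage are assumptions made for this example.

```shell
#!/bin/sh
# Added example; subjects, file names and the throwaway CA are constructed.
write_cnf() {   # minimal config so nothing depends on a system openssl.cnf
    cat > "$1/ex.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = replaced-by-subj
[ca_ext]
basicConstraints = critical,CA:TRUE
[leaf_ext]
keyUsage = critical,keyAgreement
EOF
}

# Returns 0 when an X25519 key is refused as a CSR signing key (the error in the thread).
x25519_csr_is_rejected() {
    write_cnf "$1" || return 2
    openssl genpkey -algorithm X25519 -out "$1/probe-X.key" || return 2
    ! openssl req -new -config "$1/ex.cnf" -key "$1/probe-X.key" \
        -subj "/CN=client@example.com" -out "$1/bad.csr" 2>/dev/null
}

# Issues client-X.crt in directory $1; returns non-zero if any step fails.
issue_x25519_cert() {
    w=$1; write_cnf "$w" || return 1
    # CA: any signing-capable key works; Ed25519 is used here.
    openssl genpkey -algorithm ED25519 -out "$w/ca.key" || return 1
    openssl req -new -x509 -config "$w/ex.cnf" -key "$w/ca.key" \
        -subj "/CN=Example Test CA" -days 30 -out "$w/ca.crt" || return 1
    # Client: X25519 key pair; only the public half is handed to the CA.
    openssl genpkey -algorithm X25519 -out "$w/client-X.key" || return 1
    openssl pkey -in "$w/client-X.key" -pubout -out "$w/client-X.pub" || return 1
    # Carrier CSR: signed by a separate Ed25519 key, it supplies the subject name.
    # Its signature proves possession of the carrier key, not of the X25519 key.
    openssl genpkey -algorithm ED25519 -out "$w/carrier.key" || return 1
    openssl req -new -config "$w/ex.cnf" -key "$w/carrier.key" \
        -subj "/CN=client@example.com" -out "$w/carrier.csr" || return 1
    # Issue: -force_pubkey replaces the CSR's key with the X25519 public key.
    openssl x509 -req -in "$w/carrier.csr" -CA "$w/ca.crt" -CAkey "$w/ca.key" \
        -CAcreateserial -force_pubkey "$w/client-X.pub" -days 30 \
        -extfile "$w/ex.cnf" -extensions leaf_ext -out "$w/client-X.crt"
}
```
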




