Re: Basic question about difference between AES256 and ED25519

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

On 27/01/2023 11:53, skaainet@xxxxxxxxx wrote:
Hi all,

What is the real difference between doing:

   - openssl genrsa -aes256 ...
the -aes256 part does not apply to generating RSA keys
In general,
  openssl genrsa
is the same as
  openssl genpkey --algorithm rsa

   - openssl req
   - openssl x509
   - openssl pkcs12

and doing:

   - openssl genpkey -algorithm ED25519 ...
   - openssl req
   - openssl x509
   - openssl pkcs12

for the creation of a self-signed PFX file ?

- Is the second way (ED25519 curve) a valid way of working?
- The purpose is to use the PFX file for encrypting emails with s/mime. Will the PFX created with ED25519 work equally well in a email client? Why?

most *modern* email clients will accept ED25519 keys but there are no guarantees. It will depend also on the CA used to sign the certificate in the step `openssl x509` . Also keep in mind that the receiving party will need to trust the CA certificate for the mail to be considered "secure".

HTH,

JJK


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux