Hi,
Thanks for your reply.
So the final PFX does look different and clients need to be able to work
with it. Thanks for that information.

On 1/27/23 12:43, Jan Just Keijser wrote:
> Hi,
>
> On 27/01/2023 11:53, skaainet@xxxxxxxxx wrote:
>> Hi all,
>>
>> What is the real difference between doing:
>> - openssl genrsa -aes256 ...
>
> the -aes256 part does not apply to generating RSA keys
> In general,
>   openssl genrsa
> is the same as
>   openssl genpkey --algorithm rsa
>
>> - openssl req
>> - openssl x509
>> - openssl pkcs12
>>
>> and doing:
>> - openssl genpkey -algorithm ED25519 ...
>> - openssl req
>> - openssl x509
>> - openssl pkcs12
>>
>> for the creation of a self-signed PFX file?
>>
>> - Is the second way (ED25519 curve) a valid way of working?
>> - The purpose is to use the PFX file for encrypting emails with
>> s/mime. Will the PFX created with ED25519 work equally well in a
>> email client? Why?
>
> most *modern* email clients will accept ED25519 keys but there are no
> guarantees. It will depend also on the CA used to sign the certificate
> in the step `openssl x509`. Also keep in mind that the receiving
> party will need to trust the CA certificate for the mail to be
> considered "secure".
>
> HTH,
> JJK
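
The two workflows compared in this thread, as an added example that is not part of the original messages: the script builds a self-signed PFX with either key type, reads the key algorithm back out of the PFX, and checks whether `openssl cms -encrypt` accepts the certificate as an S/MIME encryption recipient (Ed25519 is a signature algorithm). The subject, password, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: build a self-signed PFX with either key type, following the
# genpkey -> req -> x509 -> pkcs12 steps from the thread, then inspect it.
# Subject, password and file names are constructed for this demo.
PASS='pass:constructed-demo'
SUBJ='/CN=Demo User/emailAddress=demo@example.test'

# make_pfx <RSA|ED25519> <dir>: writes key.pem, req.csr, cert.pem, id.pfx into <dir>.
make_pfx() {
    alg=$1; dir=$2
    mkdir -p "$dir" || return 1
    if [ "$alg" = RSA ]; then
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$dir/key.pem" 2>/dev/null || return 1
    else
        openssl genpkey -algorithm "$alg" -out "$dir/key.pem" 2>/dev/null || return 1
    fi
    # Same three steps for both key types: CSR, self-signature, PKCS#12 export.
    openssl req -new -key "$dir/key.pem" -subj "$SUBJ" -out "$dir/req.csr" &&
    openssl x509 -req -in "$dir/req.csr" -signkey "$dir/key.pem" -days 30 \
        -out "$dir/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/id.pfx" -passout "$PASS"
}

# pfx_key_alg <pfx>: prints the public key algorithm of the certificate in the PFX.
pfx_key_alg() {
    openssl pkcs12 -in "$1" -nokeys -passin "$PASS" 2>/dev/null |
        openssl x509 -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p'
}

# can_encrypt_to <cert>: prints yes if `openssl cms -encrypt` accepts the
# certificate as a recipient for a constructed message, no otherwise.
can_encrypt_to() {
    if printf 'constructed test message\n' |
        openssl cms -encrypt -aes256 -out /dev/null "$1" 2>/dev/null
    then echo yes; else echo no; fi
}
```

Call `make_pfx RSA ./rsa` and `make_pfx ED25519 ./ed`, then compare `pfx_key_alg` and `can_encrypt_to` on the two outputs; Ed25519 needs OpenSSL 1.1.1 or later.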