On Mon, Oct 09, 2023 at 07:06:05PM +0200, Steffen Nurpmeso wrote:
> After my CACert-backed S/MIME approach has come to an end
> i thought i switch to some self-signed one with attached
> certificate in signed envelope, as now many PGP people do.
> Alongside this i thought using a much smaller key would be great,
> and so i generated
>
> openssl req -noenc -newkey ED25519 -keyout key.pem -out csr.pem -x509
>
> which gives wonderful short things.
> Unfortunately i cannot use it
>
> s-nail: Error setting PKCS#7 signing object signer: error:10800094:PKCS7 routines::signing not supported for this key type
>
> I seem to know that this type does not support streams aka update,
> update, .. final cycles, but wanted to ask whether this is the
> problem here (without doing all the rewrite stuff), or whether the
> OpenSSL PKCS7 codebase simply cannot deal with RFC 8551 yet.
Join the queue, :-(
https://github.com/openssl/openssl/issues/11915
--
Viktor.
