On Mon, Oct 09, 2023 at 07:06:05PM +0200, Steffen Nurpmeso wrote:

> After my CACert-backed S/MIME approach has come to an end
> i thought i switch to some self-signed one with attached
> certificate in signed envelope, as now many PGP people do.
> Alongside this i thought using a much smaller key would be great,
> and so i generated
>
>   openssl req -noenc -newkey ED25519 -keyout key.pem -out csr.pem -x509
>
> which gives wonderful short things.
> Unfortunately i cannot use it
>
>   s-nail: Error setting PKCS#7 signing object signer: error:10800094:PKCS7 routines::signing not supported for this key type
>
> I seem to know that this type does not support streams aka update,
> update, .. final cycles, but wanted to ask whether this is the
> problem here (without doing all the rewrite stuff), or whether the
> OpenSSL PKCS7 codebase simply cannot deal with RFC 8551 yet.

Join the queue, :-(

    https://github.com/openssl/openssl/issues/11915

--
    Viktor.