[openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

Abhilash K.V abhilashkv at gmail.com
Sun Jul 17 10:35:29 UTC 2016


Hi,

I am trying to generate a CSR using EC and want the signature
algorithm to be “ecdsa-with-SHA512”.

But in the generated CSR I always get “Signature Algorithm:
ecdsa-with-SHA1”.

OpenSSL version: 1.0.1

It would be great if you could help me with this.

Code below:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

int generate_csr()
{
    EVP_PKEY *privkey;

    if ((privkey = EVP_PKEY_new()) == NULL) {
        printf("Cannot allocate memory for private key.\n");
        exit(1);
    }

    EC_KEY *eckey;

    printf("Generating ECC keypair...\n");
    eckey = EC_KEY_new();
    if (NULL == eckey) {
        printf("Failed to create new EC Key\n");
        return -1;
    }

    /* Use the secp521r1 (P-521) curve for the key. */
    EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp521r1);
    if (NULL == ecgroup) {
        printf("Failed to create new EC Group\n");
        return -1;
    }

    int set_group_status = EC_KEY_set_group(eckey, ecgroup);
    const int set_group_success = 1;
    /* EC_KEY_set_group() copies the group, so the local one can be freed. */
    EC_GROUP_free(ecgroup);
    if (set_group_success != set_group_status) {
        printf("Failed to set group for EC Key\n");
        return -1;
    }

    if (!EC_KEY_generate_key(eckey)) {
        printf("Failed to generate EC Key\n");
        exit(1);
    }

    /* privkey takes ownership of eckey from here on. */
    if (!EVP_PKEY_assign_EC_KEY(privkey, eckey)) {
        printf("Cannot assign keypair to private key.\n");
        exit(1);
    }

    X509_REQ *req;
    if ((req = X509_REQ_new()) == NULL) {
        printf("Cannot allocate memory for certificate request.\n");
        exit(1);
    }

    /* Fill in the subject name of the request. */
    X509_NAME * name;
    name = X509_REQ_get_subject_name(req);
    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                               (unsigned char *)"alice", -1, -1, 0);
    X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_ASC,
                               (unsigned char *)"alice at darkmatter.ae", -1, -1, 0);

    X509_REQ_set_pubkey(req, privkey);

    /* Digest argument as posted: this is the call that produces the
       "ecdsa-with-SHA1" signature algorithm described above. */
    if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
        printf("Cannot sign request.\n");
        exit(1);
    }

    const char *keyfn = "/Users/abhilash/test/csr_sample/tempkey.der";
    const char *csrfn = "/Users/abhilash/test/csr_sample/tempcsr.der";

    /* Write key and CSR as DER; open in binary mode and check the result. */
    FILE * f;
    f = fopen(keyfn, "wb");
    if (f == NULL) {
        printf("Cannot open %s for writing.\n", keyfn);
        exit(1);
    }
    i2d_PrivateKey_fp(f, privkey);
    fclose(f);

    f = fopen(csrfn, "wb");
    if (f == NULL) {
        printf("Cannot open %s for writing.\n", csrfn);
        exit(1);
    }
    i2d_X509_REQ_fp(f, req);
    fclose(f);

    X509_REQ_free(req);
    EVP_PKEY_free(privkey);   /* also frees the assigned EC key */
    return 0;
}

Thanks,

Abhilash.
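
Added example, not part of the original post and not OpenSSL code: a dependency-free C check that reads the signatureAlgorithm OID from a DER-encoded CSR, such as the file written by i2d_X509_REQ_fp() above, and reports whether it is ecdsa-with-SHA1 or ecdsa-with-SHA512. The function names and the two sample byte arrays are constructed for illustration; the samples are structural skeletons, not validly signed requests.

```c
#include <stdio.h>
#include <string.h>

static const unsigned char OID_ECDSA_SHA1[]   = {0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01};      /* 1.2.840.10045.4.1 */
static const unsigned char OID_ECDSA_SHA512[] = {0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04}; /* 1.2.840.10045.4.3.4 */
/* Constructed skeleton CSRs (dummy request info, empty signature), for illustration only. */
static const unsigned char SAMPLE_SHA1[] = {0x30,0x13, 0x30,0x03,0x02,0x01,0x00,
    0x30,0x09,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, 0x03,0x01,0x00};
static const unsigned char SAMPLE_SHA512[] = {0x30,0x14, 0x30,0x03,0x02,0x01,0x00,
    0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, 0x03,0x01,0x00};

/* Read one DER tag/length header at *p; returns the tag and leaves *p at the content, or -1. */
static int der_next(const unsigned char **p, const unsigned char *end, size_t *len)
{
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t n = *(*p)++;
    if (n & 0x80) {                      /* long form: low 7 bits give the count of length bytes */
        size_t k = n & 0x7F;
        if (k == 0 || k > sizeof(size_t) || (size_t)(end - *p) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < n) return -1;   /* content must fit in the buffer */
    *len = n;
    return tag;
}

/* Returns 512 for ecdsa-with-SHA512, 1 for ecdsa-with-SHA1, 0 for another OID, -1 if malformed. */
int csr_ecdsa_sig_hash(const unsigned char *der, size_t der_len)
{
    const unsigned char *p = der, *end = der + der_len;
    size_t len;
    if (der_next(&p, end, &len) != 0x30) return -1;   /* outer CertificationRequest SEQUENCE */
    end = p + len;
    if (der_next(&p, end, &len) != 0x30) return -1;   /* certificationRequestInfo */
    p += len;                                         /* skip subject, public key, attributes */
    if (der_next(&p, end, &len) != 0x30) return -1;   /* signatureAlgorithm */
    end = p + len;
    if (der_next(&p, end, &len) != 0x06) return -1;   /* algorithm OID */
    if (len == sizeof OID_ECDSA_SHA512 && !memcmp(p, OID_ECDSA_SHA512, len)) return 512;
    if (len == sizeof OID_ECDSA_SHA1 && !memcmp(p, OID_ECDSA_SHA1, len)) return 1;
    return 0;
}

int main(void)
{
    printf("SHA1 sample: %d\n", csr_ecdsa_sig_hash(SAMPLE_SHA1, sizeof SAMPLE_SHA1));
    printf("SHA512 sample: %d\n", csr_ecdsa_sig_hash(SAMPLE_SHA512, sizeof SAMPLE_SHA512));
    return 0;
}
```

In OpenSSL 1.0.x, EVP_ecdsa() is the SHA-1 based ECDSA digest, so a request signed with it is expected to return 1 here; a request signed with EVP_sha512() as the digest argument of X509_REQ_sign() carries the ecdsa-with-SHA512 OID and returns 512.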