[openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512
Abhilash K.V
abhilashkv at gmail.com
Sun Jul 17 10:35:29 UTC 2016
Hi ,
I am trying to generate a CSR using EC and wanted to have signature
algorithm as “ecdsa-with-SHA512”.
But in the generated csr I am getting signature algorithms as “Signature
Algorithm: ecdsa-with-SHA1” always.
Open ssl version : 1.0.1
It would be great if you can help me on this.
Code below:
int generate_csr()
{
EVP_PKEY *privkey;
if ((privkey = EVP_PKEY_new()) == NULL) {
printf("Cannot allocate memory for private key.\n");
exit(1);
}
EC_KEY *eckey;
printf("Generating ECC keypair...\n");
eckey = EC_KEY_new();
if (NULL == eckey) {
printf("Failed to create new EC Key\n");
return -1;
}
EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp521r1);
if (NULL == ecgroup) {
printf("Failed to create new EC Group\n");
return -1;
}
int set_group_status = EC_KEY_set_group(eckey, ecgroup);
const int set_group_success = 1;
if (set_group_success != set_group_status) {
printf("Failed to set group for EC Key\n");
return -1;
}
if (!EC_KEY_generate_key(eckey)) {
printf("Failed to generate EC Key\n");
exit(1);
}
if (!EVP_PKEY_assign_EC_KEY(privkey, eckey)) {
printf("Cannot assign keypair to private key.\n");
exit(1);
}
X509_REQ *req;
if ((req = X509_REQ_new()) == NULL) {
printf("Cannot allocate memory for certificate request.\n");
exit(1);
}
X509_NAME * name;
name = X509_REQ_get_subject_name(req);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)
"alice", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_ASC, (unsigned
char *)"alice at darkmatter.ae", -1, -1, 0);
X509_REQ_set_pubkey(req, privkey);
if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
printf("Cannot sign request.\n");
exit(1);
}
const char *keyfn = "/Users/abhilash/test/csr_sample/tempkey.der";
const char *csrfn = "/Users/abhilash/test/csr_sample/tempcsr.der";
// write to files ...
FILE * f;
f = fopen(keyfn, "w");
i2d_PrivateKey_fp(f, privkey);
fclose(f);
f = fopen(csrfn, "w");
i2d_X509_REQ_fp(f, req);
fclose(f);
return 0;
}
Thanks,
Abhilash.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160717/521b2408/attachment.html>
More information about the openssl-users
mailing list