[openssl-users] ed25519 self-signed root cert
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jul 27 14:43:37 UTC 2018
> On Jul 27, 2018, at 10:36 AM, Robert Moskowitz <rgm at htt-consult.com> wrote:
>
> nyway error on the next step:
>
> # openssl req -config $dir/openssl-root.cnf\
> > -set_serial 0x$(openssl rand -hex $sn)\
> > -keyform pem -outform pem\
> > -key $dir/private/ca.key.pem -subj "$DN"\
> > -new -x509 -days 7300 -extensions v3_ca\
> > -out $dir/certs/ca.cert.pem
> Enter pass phrase for /root/ca/private/ca.key.pem:
> 3064983568:error:1010F08A:elliptic curve routines:pkey_ecd_ctrl:invalid digest type:crypto/ec/ecx_meth.c:801:
Do you have a "default_md" in your configuration file?
Ed25519 and Ed448 sign the raw data, not a digest thereof.
It might be more use-friendly to figure out a way to ignore
the requested digest rather than throw an error...
--
--
Viktor.
More information about the openssl-users
mailing list