x509v3-sign-rsa, x509v3-ssh-rsa and x509v3-rsa2048-sha256
Dirk-Willem van Gulik
dirkx at webweaving.org
Tue Aug 24 07:56:57 UTC 2021
On 24 Aug 2021, at 09:47, murugesh pitchaiah <murugesh.pitchaiah at gmail.com> wrote:
>
> Hi,
>
> I am working on generating the x509v3 certificates for ssh user. I see
> with the default_md as 'sha256', in openssl.cnf file, the
> key/certificate is generated with algorithm type as 'x509v3-sign-rsa'.
>
> I see its signature algorithm is :
>
> Signature Algorithm: sha256WithRSAEncryption
> Public Key Algorithm: rsaEncryption
> Public-Key: (2048 bit)
>
>
> Can any one please share how to generate certificate for
> x509v3-ssh-rsa and x509v3-rsa2048-sha256 ? Basically looking for
> difference between these three type of public key algorithms ,and how
> to generate certificate of these types:
>
> x509v3-sign-rsa, x509v3-ssh-rsa and x509v3-rsa2048-sha256
>
> Because, even for x509v3-sign-rsa - I see the size is 2048 bit and it
> is sha256. Is it something to vary in 'default_md' (or newkey rsa:size
> and -sha) fields to vary to generate these different cert types ?
Try something like
openssl req -new -x509 -newkey rsa:1024 -sha256 -keyout /dev/stdout -nodes -subj /CN=foo |\
openssl x509 -pubkey -noout | openssl rsa -text -pubin -noout
openssl req -new -x509 -newkey rsa:1024 -sha256 -keyout /dev/stdout -nodes -subj /CN=foo |\
openssl x509 -text -noout | grep Signature
And vary the newkey argument to see what it actually generates as an RSA key.
In this example a 1024 bit one. You can also vary sha256 to things like md5, etc.
Dw.
More information about the openssl-users
mailing list