Basic question about difference between AES256 and ED25519
skaainet at skynet.be
Fri Jan 27 16:02:08 UTC 2023
Hi,
Thanks for your reply.
So the final PFX does look different and clients need to be able to work
with it. Thanks for that information.
On 1/27/23 12:43, Jan Just Keijser wrote:
> Hi,
>
> On 27/01/2023 11:53, skaainet at skynet.be wrote:
>> Hi all,
>>
>> What is the real difference between doing:
>>
>> - openssl genrsa -aes256 ...
> The -aes256 part does not apply to generating RSA keys.
> In general,
> openssl genrsa
> is the same as
> openssl genpkey --algorithm rsa
>
>> - openssl req
>> - openssl x509
>> - openssl pkcs12
>>
>> and doing:
>>
>> - openssl genpkey -algorithm ED25519 ...
>> - openssl req
>> - openssl x509
>> - openssl pkcs12
>>
>> for the creation of a self-signed PFX file ?
>>
>> - Is the second way (ED25519 curve) a valid way of working?
>> - The purpose is to use the PFX file for encrypting emails with
>> s/mime. Will the PFX created with ED25519 work equally well in an
>> email client? Why?
>
> Most *modern* email clients will accept ED25519 keys but there are no
> guarantees. It will depend also on the CA used to sign the certificate
> in the step `openssl x509`. Also keep in mind that the receiving
> party will need to trust the CA certificate for the mail to be
> considered "secure".
>
> HTH,
>
> JJK
>
>
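
Added example (not part of the thread and not code from either poster): the two command sequences from the question run side by side, to show that -aes256 only selects the cipher protecting the private key file, while -algorithm decides the key type that ends up in the certificate and the PFX. The file names, subject, passphrase and 30-day validity are constructed for the demonstration, and `req -x509` is used here to fold the separate `req` and `x509` self-signing steps into one.

```shell
#!/bin/sh
# Added example: names, subject and passphrase below are constructed, not from the thread.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT          # do not leave private keys behind
PASS='pass:constructed-example'     # demonstration passphrase only

# make_pfx <name> <genpkey options...>: key -> self-signed cert -> PKCS#12 bundle
make_pfx() {
    name=$1; shift
    # -aes256 encrypts the key file at rest; the key type comes from -algorithm.
    openssl genpkey "$@" -aes256 -pass "$PASS" -out "$WORK/$name.key" 2>/dev/null
    # req -x509 issues the self-signed certificate in one step.
    openssl req -new -x509 -key "$WORK/$name.key" -passin "$PASS" \
        -subj "/CN=example user/emailAddress=user@example.invalid" \
        -days 30 -out "$WORK/$name.crt"
    openssl pkcs12 -export -inkey "$WORK/$name.key" -passin "$PASS" \
        -in "$WORK/$name.crt" -passout "$PASS" -out "$WORK/$name.pfx"
}

# cert_key_alg <name>: public key algorithm of the certificate stored in the PFX
cert_key_alg() {
    openssl pkcs12 -in "$WORK/$1.pfx" -passin "$PASS" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p'
}

# key_file_header <name>: first PEM line of the stored private key file
key_file_header() {
    head -n 1 "$WORK/$1.key"
}

make_pfx rsa -algorithm RSA -pkeyopt rsa_keygen_bits:2048
make_pfx ed  -algorithm ED25519

# Both key files are encrypted the same way; only the certificate key type differs.
for n in rsa ed; do
    printf '%s: key file "%s", certificate key algorithm: %s\n' \
        "$n" "$(key_file_header "$n")" "$(cert_key_alg "$n")"
done
```

Importing each resulting .pfx into the mail client that will actually be used is the practical check for the compatibility caveat raised in the reply.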
More information about the openssl-users mailing list