<div dir="ltr">Thanks Erwann, but that's not an answer to my question. <div><br><div>To get the CA to sign (using RSA or anything) a certificate that contains an X25519 public key, that certificate must first submit to the CA something called a "Certificate request". This takes the form of the supplicant certificate, which is self-signed. However you cannot self-sign with an X25519 key (using the openssl command line tool), as it objects that X25519 does not support signature. </div><div><br></div><div>So the issue arises around the "certificate request" process. There is I agree no problem in creating the certificate itself.</div><div><br></div><div><br></div><div>Mike<br><div><br></div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 29, 2016 at 4:27 PM, Erwann Abalea <span dir="ltr"><<a href="mailto:Erwann.Abalea@docusign.com" target="_blank">Erwann.Abalea@docusign.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">
Bonjour,
<div><br>
</div>
<div>You may have a classic certificate containing your {X,Ed}{25519,448,whatever} public key once:</div>
<div>
<ul>
<li>an OID is allocated to identify this type of public key (it will go into tbs.subjectPublicKeyInfo.algorithm.algorithm)</li><li>a set of associated optional parameters are defined for this OID (to go into tbs.subjectPublicKeyInfo.algorithm.parameters)</li><li>a canonical encoding for this type of public key is defined, so the key material can be enclosed into tbs.subjectPublicKeyInfo.subjectPublicKey</li></ul>
</div>
<div><br>
</div>
<div>This certificate may be RSA-signed or ECDSA-signed (or whatever-signed, in fact).</div>
<div><br>
</div>
<div>For a CA to be able to Ed{25519,448,whatever}-sign something, the previous steps must have been done, plus:</div>
<div>
<ul>
<li>an OID is allocated to identify the signature algorithm to apply (it will not be ECDSA) -> cert.signatureAlgorithm.algorithm</li><li>a set of associated optional parameters are defined for this OID -> cert.signatureAlgorithm.parameters</li><li>a canonical encoding for the signature value is defined, so it can be enclosed into cert.signatureValue</li></ul>
</div>
<div><br>
</div>
<div>All this is being discussed at CFRG.</div>
<div><br>
<div>
<div>Cordialement,</div>
<div>Erwann Abalea</div>
</div>
<br>
<div>
<blockquote type="cite"><div><div class="h5">
<div>Le 29 juin 2016 à 16:46, Michael Scott <<a href="mailto:mike.scott@miracl.com" target="_blank">mike.scott@miracl.com</a>> a écrit :</div>
<br>
</div></div><div><div><div class="h5">
<div dir="ltr">Hello,
<div><br>
</div>
<div><br>
</div>
<div>How do I do this? Using the OpenSSL command line tool, a certificate request must be self-signed, but the X25519 elliptic curve (newly supported in version 1.1.0), doesn't do signature, it can only be used for key exchange.</div>
<div><br>
</div>
<div>(Of course the X25519 Montgomery curve is birationally equivalent to an Edwards curve which can do signature. And indeed it is our intention to use the Edwards curve. But first I need a CA-signed X25519 cert. But because of the above catch-22
problem, I cannot create one.) </div>
<div><br>
</div>
<div><br>
</div>
<div>Mike</div>
<div><br>
</div>
<div><br>
</div>
</div></div></div><span class="">
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" target="_blank">
https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</span></div>
</blockquote>
</div>
<br>
</div>
</div>
<br>--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
<br></blockquote></div><br></div>