<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><tt>Which brings back my generalized
question from yesterday:</tt><tt><br>
</tt><tt><br>
</tt><tt>Since X25519 is not the first "encrypt-only" algorithm in
the </tt><tt><br>
</tt><tt>OpenSSL universe, how was requesting certificates handled
for <br>
</tt><tt>such algorithms in the past?</tt><tt><br>
</tt><tt><br>
</tt><tt>For example how would one request a DH certificate?</tt><tt><br>
</tt><tt><br>
</tt><tt>Whatever was defined back then might be trivially
extended <br>
to also handle X25519.</tt><tt><br>
</tt><br>
<br>
On 30/06/2016 10:37, Erwann Abalea wrote:<br>
</div>
<blockquote class=" cite"
id="mid_1E082092_B0C9_4B6B_96CC_E4481039FD6F_docusign_com"
cite="mid:1E082092-B0C9-4B6B-96CC-E4481039FD6F@docusign.com"
type="cite">
Ok, you’re talking about OpenSSL command line tool only, I missed
that part.
<div class=""><br class="">
</div>
<div class="">The solution should then be to modify
apps/ca.c:certify() function to add an arg, and avoid the call
to X509_REQ_verify when desired.</div>
<div class=""><br class="">
<div>
<blockquote id="Cite_8924659" type="cite" class=" cite">
<div class="">On 29 June 2016 at 19:17, Michael Scott &lt;<a
moz-do-not-send="true"
href="mailto:mike.scott@miracl.com" class="">mike.scott@miracl.com</a>&gt;
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="ltr" class="">Thanks Erwann, but that's not an
answer to my question.
<div class=""><br class="">
<div class="">To get the CA to sign (using RSA or
anything) a certificate that contains an X25519
public key, that certificate must first submit to
the CA something called a "Certificate request".
This takes the form of the supplicant certificate,
which is self-signed. However you cannot self-sign
with an X25519 key (using the openssl command line
tool), as it objects that X25519 does not support
signature. </div>
<div class=""><br class="">
</div>
<div class="">So the issue arises around the
"certificate request" process. There is I agree no
problem in creating the certificate itself.</div>
</div>
</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">On Wed, Jun 29, 2016 at 4:27
PM, Erwann Abalea <span dir="ltr" class="">
&lt;<a moz-do-not-send="true"
href="mailto:Erwann.Abalea@docusign.com"
target="_blank" class="">Erwann.Abalea@docusign.com</a>&gt;</span>
wrote:<br class="">
<blockquote id="Cite_929619" class="gmail_quote cite"
style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div style="word-wrap:break-word" class="">Hello,
<div class=""><br class="">
</div>
<div class="">You may have a classic certificate
containing your {X,Ed}{25519,448,whatever}
public key once:</div>
<div class="">
<ul class="">
<li class="">an OID is allocated to identify
this type of public key (it will go into
tbs.subjectPublicKeyInfo.algorithm.algorithm)</li>
<li class="">a set of associated optional
parameters are defined for this OID (to go
into
tbs.subjectPublicKeyInfo.algorithm.parameters)</li>
<li class="">a canonical encoding for this
type of public key is defined, so the key
material can be enclosed into
tbs.subjectPublicKeyInfo.subjectPublicKey</li>
</ul>
</div>
<div class=""><br class="">
</div>
<div class="">This certificate may be RSA-signed
or ECDSA-signed (or whatever-signed, in fact).</div>
<div class=""><br class="">
</div>
<div class="">For a CA to be able to
Ed{25519,448,whatever}-sign something, the
previous steps must have been done, plus:</div>
<div class="">
<ul class="">
<li class="">an OID is allocated to identify
the signature algorithm to apply (it will
not be ECDSA) ->
cert.signatureAlgorithm.algorithm</li>
<li class="">a set of associated optional
parameters are defined for this OID ->
cert.signatureAlgorithm.parameters</li>
<li class="">a canonical encoding for the
signature value is defined, so it can be
enclosed into cert.signatureValue</li>
</ul>
</div>
<div class=""><br class="">
</div>
<div class="">All this is being discussed at CFRG.</div>
<div class=""><br class="">
<div class="">
<blockquote id="Cite_1806787" type="cite"
class=" cite">
<div class="">
<div class="h5">
<div class="">On 29 June 2016 at 16:46,
Michael Scott &lt;<a
moz-do-not-send="true"
href="mailto:mike.scott@miracl.com"
target="_blank" class="">mike.scott@miracl.com</a>&gt;
wrote:</div>
<br class="">
</div>
</div>
<div class="">
<div class="">
<div class="h5">
<div dir="ltr" class="">
<div class="">How do I do this?
Using the OpenSSL command line
tool, a certificate request must
be self-signed, but the X25519
elliptic curve (newly supported in
version 1.1.0), doesn't do
signature, it can only be used for
key exchange.</div>
<div class=""><br class="">
</div>
<div class="">(Of course the X25519
Montgomery curve is birationally
equivalent to an Edwards curve
which can do signature. And indeed
it is our intention to use the
Edwards curve. But first I need a
CA-signed X25519 cert. But because
of the above catch-22 problem, I
cannot create one.) </div>
<div class=""><br class="">
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. <a class="moz-txt-link-freetext" href="https://www.wisemo.com">https://www.wisemo.com</a>
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded </pre>
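<p>The three subjectPublicKeyInfo fields listed in the quoted message (algorithm OID, optional parameters, encoded key), pulled out of DER by a small parser. This is an added example, not part of the thread or of OpenSSL. It assumes the X25519 OID 1.3.101.110 from RFC 8410, which was assigned after this discussion, and uses constructed filler bytes as key material.</p>

```python
# Added example: split a DER SubjectPublicKeyInfo into the three fields above.
# Sample keys are constructed filler bytes, not real key material.

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents into dotted form."""
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_spki(der):
    tag, spki, end = read_tlv(der)                 # SubjectPublicKeyInfo SEQUENCE
    alg_tag, alg, pos = read_tlv(spki)             # AlgorithmIdentifier SEQUENCE
    key_tag, bits, key_end = read_tlv(spki, pos)   # subjectPublicKey BIT STRING
    oid_tag, oid, params_at = read_tlv(alg)        # algorithm OID
    if (tag, alg_tag, key_tag, oid_tag) != (0x30, 0x30, 0x03, 0x06):
        raise ValueError("not a SubjectPublicKeyInfo")
    if end != len(der) or key_end != len(spki) or bits[:1] != b"\x00":
        raise ValueError("trailing data or unused bits in key")
    return {"algorithm": decode_oid(oid),
            "parameters": alg[params_at:] or None,  # raw DER, None when absent
            "subjectPublicKey": bits[1:]}

# X25519 (OID from RFC 8410): no parameters, key is 32 raw bytes.
X25519_SPKI = bytes.fromhex("302a300506032b656e032100") + bytes(range(32))
# P-256 for contrast: parameters carry the curve OID, key is a 65-byte point.
EC_SPKI = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200") + b"\x04" + bytes(64)

if __name__ == "__main__":
    for name, der in (("X25519", X25519_SPKI), ("P-256", EC_SPKI)):
        print(name, parse_spki(der))
```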
</body>
</html>