
<div dir="ltr"><div class="gmail_quote"><br><br><div dir="ltr">


<p><span>Hi ,</span></p>

<p><span> </span></p>

<p><span>I am trying to generate a CSR using EC and wanted to have signature algorithm as “</span><span>ecdsa-with-SHA512”.</span></p>

<p><span>But in the generated csr I am getting signature algorithms as “Signature Algorithm: ecdsa-with-SHA1” always.</span></p>

<p><span> </span></p>

<p><span>Open ssl version : 1.0.1</span></p>

<p><span> </span></p>

<p><span>It would be great if you can help me on this.</span></p>

<p><span> </span></p>

<p><span>Code below:</span></p>

<p><span> </span></p>

<p><span>int</span><span> generate_csr()</span></p>

<p><span>{</span></p>

<p><span>    </span><span>EVP_PKEY</span><span> *privkey;</span></p>

<p><span>   </span></p>

<p><span>    </span><span>if</span><span> ((privkey = </span><span>EVP_PKEY_new</span><span>()) == </span><span>NULL</span><span>) {</span></p>

<p><span>        </span><span>printf</span><span>(</span><span>"Cannot allocate memory for private key.\n"</span><span>);</span></p>

<p><span>        </span><span>exit</span><span>(</span><span>1</span><span>);</span></p>

<p><span>    }</span></p>

<p><span>   </span></p>

<p><span>    </span><span>EC_KEY</span><span> *eckey;</span></p>

<p><span>   </span></p>

<p><span>    </span></p>

<p><span>    </span><span>printf</span><span>(</span><span>"Generating ECC keypair...\n"</span><span>);</span></p>

<p><span>    eckey = </span><span>EC_KEY_new</span><span>();</span></p>

<p><span>    </span><span>if</span><span> (</span><span>NULL</span><span> == eckey) {</span></p>

<p><span>        </span><span>printf</span><span>(</span><span>"Failed to create new EC Key\n"</span><span>);</span></p>

<p><span>        </span><span>return</span><span> -</span><span>1</span><span>;</span></p>

<p><span>    }</span></p>

<p><span>   </span></p>

<p><span>    </span><span>EC_GROUP</span><span> *ecgroup = </span><span>EC_GROUP_new_by_curve_name</span><span>(</span><span>NID_secp521r1</span><span>);</span></p>

<p><span>    </span><span>if</span><span> (</span><span>NULL</span><span> == ecgroup) {</span></p>

<p><span>        </span><span>printf</span><span>(</span><span>"Failed to create new EC Group\n"</span><span>);</span></p>

<p><span>        </span><span>return</span><span> -</span><span>1</span><span>;</span></p>

<p><span>    }</span></p>

<p><span>   </span></p>

<p><span>    </span><span>int</span><span> set_group_status = </span><span>EC_KEY_set_group</span><span>(eckey, ecgroup);</span></p>

<p><span>    </span><span>const</span><span> </span><span>int</span><span> set_group_success = </span><span>1</span><span>;</span></p>

<p><span>    </span><span>if</span><span> (set_group_success != set_group_status) {</span></p>

<p><span>        </span><span>printf</span><span>(</span><span>"Failed to set group for EC Key\n"</span><span>);</span></p>

<p><span>        </span><span>return</span><span> -</span><span>1</span><span>;</span></p>

<p><span>    }</span></p>

<p><span>   </span></p>

<p><span>    </span></p>

<p><span>    </span><span>if</span><span> (!</span><span>EC_KEY_generate_key</span><span>(eckey)) {</span></p>

<p><span>        </span><span>printf</span><span>(</span><span>"Failed to generate EC Key\n"</span><span>);</span></p>

<p><span>        </span><span>exit</span><span>(</span><span>1</span><span>);</span></p>

<p><span>    }</span></p>

<p><span>   </span></p>

<p><span>    </span><span>if</span><span> (!</span><span>EVP_PKEY_assign_EC_KEY</span><span>(privkey, eckey)) {</span></p>

<p><span>        </span><span>printf</span><span>(</span><span>"Cannot assign keypair to private key.\n"</span><span>);</span></p>

<p><span>        </span><span>exit</span><span>(</span><span>1</span><span>);</span></p>

<p><span>    }</span></p>

<p><span>   </span></p>

<p><span>    </span><span>X509_REQ</span><span> *req;</span></p>

<p><span>    </span><span>if</span><span> ((req = </span><span>X509_REQ_new</span><span>()) == </span><span>NULL</span><span>) {</span></p>

<p><span>        </span><span>printf</span><span>(</span><span>"Cannot allocate memory for certificate request.\n"</span><span>);</span></p>

<p><span>        </span><span>exit</span><span>(</span><span>1</span><span>);</span></p>

<p><span>    }</span></p>

<p><span> </span></p>

<p><span>    </span><span>X509_NAME</span><span> * name;</span></p>

<p><span>    name = </span><span>X509_REQ_get_subject_name</span><span>(req);</span></p>

<p><span>    </span><span>X509_NAME_add_entry_by_txt</span><span>(name, </span><span>"CN"</span><span>, </span><span>MBSTRING_ASC</span><span>, (</span><span>unsigned</span><span> </span><span>char</span><span> *)</span><span>"alice"</span><span>, -</span><span>1</span><span>, -</span><span>1</span><span>, </span><span>0</span><span>);</span></p>

<p><span>    </span><span>X509_NAME_add_entry_by_txt</span><span>(name, </span><span>"emailAddress"</span><span>, </span><span>MBSTRING_ASC</span><span>, (</span><span>unsigned</span><span> </span><span>char</span><span> *)</span><span>"<a href="mailto:alice@darkmatter.ae" target="_blank"><span>alice@darkmatter.ae</span></a>"</span><span>, -</span><span>1</span><span>, -</span><span>1</span><span>, </span><span>0</span><span>);</span></p>

<p><span>   </span></p>

<p><span>    </span><span>X509_REQ_set_pubkey</span><span>(req, privkey);</span></p>

<p><span>    </span><span>if</span><span> (!</span><span>X509_REQ_sign</span><span>(req, privkey, </span><span>EVP_ecdsa</span><span>())) {</span></p>

<p><span>        </span><span>printf</span><span>(</span><span>"Cannot sign request.\n"</span><span>);</span></p>

<p><span>        </span><span>exit</span><span>(</span><span>1</span><span>);</span></p>

<p><span>    }</span></p>

<p><span>   </span></p>

<p><span>    </span></p>

<p><span>    </span></p>

<p><span>    </span><span>const</span><span> </span><span>char</span><span> *keyfn = </span><span>"/Users/abhilash/test/csr_sample/tempkey.der"</span><span>;</span></p>

<p><span>    </span><span>const</span><span> </span><span>char</span><span> *csrfn = </span><span>"/Users/abhilash/test/csr_sample/tempcsr.der"</span><span>;</span></p>

<p><span>    </span><span>// write to files ...</span></p>

<p><span>    </span><span>FILE</span><span> * f;</span></p>

<p><span>    f = </span><span>fopen</span><span>(keyfn, </span><span>"w"</span><span>);</span></p>

<p><span>   </span></p>

<p><span>    </span><span>i2d_PrivateKey_fp</span><span>(f, privkey);</span></p>

<p><span>   </span></p>

<p><span>    </span><span>fclose</span><span>(f);</span></p>

<p><span>    f = </span><span>fopen</span><span>(csrfn, </span><span>"w"</span><span>);</span></p>

<p><span>    </span><span>i2d_X509_REQ_fp</span><span>(f, req);</span></p>

<p><span>    </span><span>fclose</span><span>(f);</span></p>

<p><span>    </span><span>return</span><span> </span><span>0</span><span>;</span></p>

<p><span>}</span></p>

<p><span> </span></p>

<p><span> </span></p>

<p><span>Thanks,</span></p>

<p><span>Abhilash.</span></p></div>

</div><br></div>