[openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512
Dr. Stephen Henson
steve at openssl.org
Sun Jul 17 16:05:35 UTC 2016
On Sun, Jul 17, 2016, Abhilash K.V wrote:
> I am trying to generate a CSR using EC and wanted to have signature
> algorithm as ???ecdsa-with-SHA512???.
>
> But in the generated csr I am getting signature algorithms as ???Signature
> Algorithm: ecdsa-with-SHA1??? always.
>
>
> if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
>
Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is only
retained for compatibility with old code. Use EVP_sha512() instead.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list