[openssl-users] Creating an X25519-based Certificate

Michael Scott mike.scott at miracl.com
Wed Jun 29 17:26:36 UTC 2016


On Wed, Jun 29, 2016 at 6:21 PM, Salz, Rich <rsalz at akamai.com> wrote:

>
> > To repeat: X25519 only supports key exchange.  The 25519 signing
> > mechanism is not yet defined.
>

Which I don't have a problem with.

But surely the openssl command line tool should provide a mechanism for
allowing an X25519-based certificate to be signed by a CA.

Its seems that the "certificate request" protocol, which requires
self-signing, prevents this in this case.


Mike


>
> And see also: https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160629/fad037eb/attachment.html>


More information about the openssl-users mailing list