[openssl-users] EDDSA certificates

Robert Moskowitz rgm at htt-consult.com
Tue Aug 8 15:12:52 UTC 2017

I have read:  https://github.com/openssl/openssl/issues/487

And I am trying to grok its meaning.  I am running Fedora24 (I need to 
buy a new SSD before upgrading to F26) which has openssl 1.0.2k.

There is a note of a patch to 1.0.2j, but talk about 1.1.1.  I have 
attempted to read


Is there a command line option for creating an ed25519 cert and if so 
what version?  I tried:

openssl req -new -outform PEM -out certs/$commonName.crt -newkey ed25519 
-nodes -keyout private/$commonName.key -keyform PEM -days 3650 -x509 
-extensions v3_req -subj 

And got:

Unknown algorithm ed25519


On 07/27/2017 10:45 AM, Benjamin Kaduk wrote:
> On 07/27/2017 09:18 AM, Robert Moskowitz wrote:
>> Rich,
>> Meant to ask you about this at IETF.
>> Given draft-ietf-curdle-pkix-05.txt sec 10, is there openssl code to 
>> produce these???
> There is code to validate them, per commit 
> 4328dd41582bcdca8e4f51f0a3abadfafa2163ee.  I didn't look hard enough 
> to find how to generate them, but it ought to be there too.
>> And, relatedly, what do you think about CBOR encoding rather than 
>> ASN.1?  Kill ASN.1 in constrained devices and save on transmission 
>> costs?
> It seems hard to shift a big ecosystem and introduce risk of 
> incompatibility, but I haven't really thought about it.
> -Ben
