[openssl-users] Generating CSR based on an x25519 public key

Salz, Rich rsalz at akamai.com
Sat Oct 21 12:19:23 UTC 2017

  *   How would we be able to achieve this? I have read somewhere on a 2016 mail in the archives that it is an "encrypt-only" algorithm  and that is not possible.

X25519 is a key-exchange-only algorithm.  Ed25519 is a signing algorithm.  Unlike classic RSA, the signing and the key exchange are two different operations (well, technically RSA doesn’t have key exchange).  Both are defined by IETF RFC’s.  OpenSSL doesn’t fully support Ed25519.

  *   But I have found many sites on let's encrypt already using this.

Are you sure?  Please post a key.  Ed25519 is quite different from EdDSA or ECDSA or DSA, which typically use a P-256 curve.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171021/1f124045/attachment.html>

More information about the openssl-users mailing list