[openssl-users] Generating CSR based on an x25519 public key

Jeffrey Walton noloader at gmail.com
Sat Oct 21 14:06:07 UTC 2017

On Sat, Oct 21, 2017 at 9:38 AM, Codarren Velvindron
<devildron at gmail.com> wrote:
> https://tls13.crypto.mozilla.org is using : The connection to this site is
> encrypted and authenticated using a strong protocol (TLS 1.3), a strong key
> exchange (X25519), and a strong cipher (AES_128_GCM).

That's what Rich said: "X25519 is a key-exchange-only algorithm". The
shared secret that drops out of the x25519 key exchange is used to key
AES128/GCM (some hand waiving).

> Using openssl standard tools is it possible to generate a CSR through
> Ed25519 ?

This is a different application. ed25519 is signing, not key exchange.

I'm not sure how to do it because I've never needed it. But keep in
mind Rich said: "OpenSSL doesn’t fully support Ed25519".


More information about the openssl-users mailing list