[openssl-users] Generating CSR based on an x25519 public key

Kyle Hamilton aerowolf at gmail.com
Mon Oct 23 22:47:29 UTC 2017


Out of curiosity, what are the algorithm identifiers for X25519 and Ed25519?

-Kyle H

On Mon, Oct 23, 2017 at 3:24 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> On 21/10/2017 15:38, Codarren Velvindron wrote:
>>
>> https://tls13.crypto.mozilla.org is using : The connection to this site is
>> encrypted and authenticated using a strong protocol (TLS 1.3), a strong key
>> exchange (X25519), and a strong cipher (AES_128_GCM).
>>
>> Using openssl standard tools is it possible to generate a CSR through
>> Ed25519 ?
>>
>
>
> If you look further into this test page, at least with my
> browser, it uses x25519 with a regular RSA certificate from
> Let's encrypt.  I don't know if they use a different
> certificate with other browsers based on checking some TLS
> extensions etc.
>
> The x25519 public key has no certificate, it is randomly
> generated for each connection and signed with the RSA key
> from the certificate.
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


More information about the openssl-users mailing list