[openssl-users] ed25519 self-signed root cert

Viktor Dukhovni openssl-users at dukhovni.org
Fri Jul 27 14:43:37 UTC 2018

> On Jul 27, 2018, at 10:36 AM, Robert Moskowitz <rgm at htt-consult.com> wrote:
> nyway error on the next step:
> # openssl req -config $dir/openssl-root.cnf\
> >      -set_serial 0x$(openssl rand -hex $sn)\
> >      -keyform pem -outform pem\
> >      -key $dir/private/ca.key.pem -subj "$DN"\
> >      -new -x509 -days 7300 -extensions v3_ca\
> >      -out $dir/certs/ca.cert.pem
> Enter pass phrase for /root/ca/private/ca.key.pem:
> 3064983568:error:1010F08A:elliptic curve routines:pkey_ecd_ctrl:invalid digest type:crypto/ec/ecx_meth.c:801:

Do you have a "default_md" in your configuration file?
Ed25519 and Ed448 sign the raw data, not a digest thereof.

It might be more use-friendly to figure out a way to ignore
the requested digest rather than throw an error...


More information about the openssl-users mailing list