ECDSA certificate question

Yan, Bob BYan at
Tue Sep 22 23:49:18 UTC 2020

Thanks Michael,

I tried to invoke SM3 algorithm in command "openssl req -new -key eckey.pem -x509 -sm3 -nodes -days 365 -out cert.csr", unfortunately got the following error:

	140320586413888:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:crypto/ec/ec_pmeth.c:331:

-----Original Message-----
From: Michael Richardson <mcr+ietf at> 
Sent: Tuesday, September 22, 2020 4:36 PM
To: Yan, Bob <BYan at>
Cc: openssl-users at
Subject: Re: ECDSA certificate question

Yan, Bob via openssl-users <openssl-users at> wrote:
    > Is there a way to generate a ECDSA certificate with SM2 typed public
    > key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x
    > version?

I don't know the detail with the SM3, part, but have you seen:

but, 1.1.1 release notes say it supports SM3. I expect you need to tweak something when "openssl req" is run.

Michael Richardson <mcr+IETF at>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

More information about the openssl-users mailing list