ECDSA certificate question
Yan, Bob
BYan at visa.com
Tue Sep 22 23:49:18 UTC 2020
Thanks Michael,
I tried to invoke SM3 algorithm in command "openssl req -new -key eckey.pem -x509 -sm3 -nodes -days 365 -out cert.csr", unfortunately got the following error:
140320586413888:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:crypto/ec/ec_pmeth.c:331:
-----Original Message-----
From: Michael Richardson <mcr+ietf at sandelman.ca>
Sent: Tuesday, September 22, 2020 4:36 PM
To: Yan, Bob <BYan at visa.com>
Cc: openssl-users at openssl.org
Subject: Re: ECDSA certificate question
Yan, Bob via openssl-users <openssl-users at openssl.org> wrote:
> Is there a way to generate a ECDSA certificate with SM2 typed public
> key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x
> version?
I don't know the detail with the SM3, part, but have you seen:
https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki-09
https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki
but, 1.1.1 release notes say it supports SM3. I expect you need to tweak something when "openssl req" is run.
--
Michael Richardson <mcr+IETF at sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
More information about the openssl-users
mailing list