Creating an X25519 client certificate
rgm at htt-consult.com
Thu Mar 18 01:22:24 UTC 2021
On 3/17/21 8:17 PM, Viktor Dukhovni wrote:
> On Wed, Mar 17, 2021 at 07:44:05PM -0400, Robert Moskowitz wrote:
>>>> I have created my X25519 pub/priv keypair with:
>>>> openssl genpkey -algorithm X25519\
>>>> -out $dir/private/$clientemail-X.key.$format
>>> Are you sure you didn't want ed25519 instead? X25519 is a key agreement
>>> menthod, not a signature method.
>> My limited understanding is that for encrypted S/MIME, and ECDH cert
>> is needed. Thus if ED25519 is used for signing said S/MIME, X25519 is
>> used for encrypting.
> I see, this is for CMS, so you're trying to support:
>>>> openssl req -config $dir/openssl-intermediate.cnf\
>>>> -key $dir/private/$clientemail-X.key.$format \
>>>> -subj "$DN" -new -out $dir/csr/$clientemail-X.csr.$format
>>>> which is what I used for ED25519 client certs. But I get an error:
>>>> 140487683954496:error:0608D096:digital envelope
>>>> routines:EVP_PKEY_sign_init:operation not supported for this
>>> Not surprising, why do you expect this to work?
>> Shooting from the hip, a bit. If I am going to have an X25519 cert,
>> then I need a csr and this is the command to make one. So try it and
>> see what it does. Not too well, it turns out.
> Well, CSRs are self-signed, and X25519 does not support signing, so
> you CANNOT have an X25519 CSR.
Slap myself on the forehead....
Of course I know that. But did not stop to think this through. :(
Will read through all this and get back here....
> You can however create an X25519
> certificate directly for a given key:
> with other details (names, extensions, ...) pulled from a CSR.
> What can't get is proof of posession.
>>>> Oh, and I am ASSuMEing that a CA cert of ED25519 signs an X25519 client
>>>> cert. Haven't found instructions on this, but it seems reasonable...
> Well the CA can use any algorithm that supports signing, and is widely
> supported. It does not have to be Ed25519.
More information about the openssl-users