Basic question about difference between AES256 and ED25519

Jan Just Keijser jan.just.keijser at gmail.com
Fri Jan 27 11:43:21 UTC 2023


Hi,

On 27/01/2023 11:53, skaainet at skynet.be wrote:
> Hi all,
>
> What is the real difference between doing:
>
>    - openssl genrsa -aes256 ...
The -aes256 part does not apply to generating RSA keys.
In general,
   openssl genrsa
is the same as
   openssl genpkey --algorithm rsa

>    - openssl req
>    - openssl x509
>    - openssl pkcs12
>
> and doing:
>
>    - openssl genpkey -algorithm ED25519 ...
>    - openssl req
>    - openssl x509
>    - openssl pkcs12
>
> for the creation of a self-signed PFX file ?
>
> - Is the second way (ED25519 curve) a valid way of working?
> - The purpose is to use the PFX file for encrypting emails with 
> s/mime. Will the PFX created with ED25519 work equally well in an email 
> client? Why?

Most *modern* email clients will accept ED25519 keys but there are no 
guarantees. It will also depend on the CA used to sign the certificate 
in the step `openssl x509`. Also keep in mind that the receiving party 
will need to trust the CA certificate for the mail to be considered 
"secure".

HTH,

JJK
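
The two command sequences from the question, written out as an added example that is not part of the original thread: `-aes256` only selects the cipher that encrypts the private key file under a passphrase, while RSA versus ED25519 is the key algorithm itself. The subject, e-mail address, passphrases and file names are constructed placeholders, and `key_is_encrypted` and `can_encrypt_to` are helpers introduced here; the second shows that a sender can encrypt a CMS (S/MIME) message to the RSA certificate but not to the signature-only Ed25519 one.

```shell
#!/bin/sh
# Added example (not from the thread). Names, address and passphrases are constructed.
KEYPASS=pass:key-pass-example
PFXPASS=pass:pfx-pass-example

# make_pfx ALG DIR: genpkey -> req -x509 -> pkcs12, for ALG = rsa | ed25519
make_pfx() {
    alg=$1; dir=$2
    case $alg in
        rsa)     ku=digitalSignature,keyEncipherment
                 set -- -algorithm RSA -pkeyopt rsa_keygen_bits:3072 ;;
        ed25519) ku=digitalSignature          # Ed25519 is a signature-only algorithm
                 set -- -algorithm ED25519 ;;
        *)       echo "unknown algorithm: $alg" >&2; return 2 ;;
    esac
    mkdir -p "$dir" || return 1
    # -aes256 encrypts the private key file at rest; it is accepted for either algorithm.
    openssl genpkey "$@" -aes256 -pass "$KEYPASS" -out "$dir/key.pem" 2>/dev/null || return 1
    # Self-signed certificate carrying the e-mail address and the S/MIME usage bits.
    openssl req -new -x509 -key "$dir/key.pem" -passin "$KEYPASS" -days 365 \
        -subj "/CN=Example User/emailAddress=user@example.com" \
        -addext "subjectAltName=email:user@example.com" \
        -addext "keyUsage=critical,$ku" \
        -addext "extendedKeyUsage=emailProtection" \
        -out "$dir/cert.pem" || return 1
    # Bundle key and certificate into the PFX that the mail client imports.
    openssl pkcs12 -export -inkey "$dir/key.pem" -passin "$KEYPASS" \
        -in "$dir/cert.pem" -name "Example User" \
        -passout "$PFXPASS" -out "$dir/id.pfx" || return 1
}

# key_is_encrypted DIR: true when key.pem is passphrase-protected PKCS#8
key_is_encrypted() {
    grep -q 'BEGIN ENCRYPTED PRIVATE KEY' "$1/key.pem"
}

# can_encrypt_to DIR: true when a sender can encrypt a CMS message to DIR/cert.pem
can_encrypt_to() {
    printf 'constructed test message\n' |
        openssl cms -encrypt -aes256 -recip "$1/cert.pem" -out "$1/msg.p7m" 2>/dev/null
}
```

Run `make_pfx rsa out/rsa` and `make_pfx ed25519 out/ed`, then compare `can_encrypt_to out/rsa` with `can_encrypt_to out/ed`; this needs an OpenSSL build with Ed25519 and `-addext` support (1.1.1 or later).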


More information about the openssl-users mailing list