<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Hi,<br>
<br>
On 27/01/2023 11:53, <a class="moz-txt-link-abbreviated" href="mailto:skaainet@skynet.be">skaainet@skynet.be</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ef43e2c1-7730-b057-c627-94750daa605c@skynet.be">Hi all,
<br>
<br>
What is the real difference between doing:
<br>
<br>
- openssl genrsa -aes256 ...
<br>
</blockquote>
The -aes256 part does not apply to generating RSA keys.<br>
In general,<br>
openssl genrsa<br>
is the same as<br>
openssl genpkey --algorithm rsa<br>
<br>
<blockquote type="cite"
cite="mid:ef43e2c1-7730-b057-c627-94750daa605c@skynet.be"> -
openssl req
<br>
- openssl x509
<br>
- openssl pkcs12
<br>
<br>
and doing:
<br>
<br>
- openssl genpkey -algorithm ED25519 ...
<br>
- openssl req
<br>
- openssl x509
<br>
- openssl pkcs12
<br>
<br>
for the creation of a self-signed PFX file ?
<br>
<br>
- Is the second way (ED25519 curve) a valid way of working?
<br>
- The purpose is to use the PFX file for encrypting emails with
s/mime. Will the PFX created with ED25519 work equally well in a
email client? Why?
<br>
</blockquote>
<br>
Most *modern* email clients will accept ED25519 keys, but there are
    no guarantees. It will also depend on the CA used to sign the
    certificate in the step `openssl x509`. Also keep in mind that the
    receiving party will need to trust the CA certificate for the mail
    to be considered "secure".<br>
<br>
HTH,<br>
<br>
JJK<br>
<br>
<br>
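<div>The two workflows from the question, as an added example (not part of the original message and not OpenSSL project code): it builds a self-signed PFX with each key type, then asks <code>openssl cms -encrypt</code> to encrypt to each certificate, which is the relevant check because Ed25519 is a signature-only algorithm. The subject, password and function names are constructed placeholders, and an <code>openssl</code> binary with Ed25519 support (1.1.1 or later) is assumed.</div>
<pre>
```shell
#!/bin/sh
# Added example. Subject, password and paths are constructed placeholders.

# make_pfx ALG DIR: key -> CSR -> self-signed cert -> PKCS#12 (the thread's steps).
make_pfx() {
    alg=$1; dir=$2
    mkdir -p "$dir" || return 1
    openssl genpkey -algorithm "$alg" -out "$dir/key.pem" 2>/dev/null || return 1
    openssl req -new -key "$dir/key.pem" -out "$dir/req.pem" \
        -subj "/CN=Test User/emailAddress=user@example.test" || return 1
    openssl x509 -req -in "$dir/req.pem" -signkey "$dir/key.pem" \
        -days 30 -out "$dir/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -passout pass:example-only -out "$dir/id.pfx" || return 1
}

# key_alg CERT: print the certificate's public-key algorithm.
key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p'
}

# can_encrypt_to CERT: succeed only if OpenSSL can build an S/MIME (CMS)
# encrypted message addressed to the holder of CERT.
can_encrypt_to() {
    printf 'constructed test message\n' |
        openssl cms -encrypt -aes-256-cbc -out /dev/null "$1" 2>/dev/null
}

# Run both workflows and report what each certificate can be used for.
work=$(mktemp -d)
for alg in RSA ED25519; do
    if ! make_pfx "$alg" "$work/$alg"; then
        echo "$alg: PFX creation failed"
        continue
    fi
    if can_encrypt_to "$work/$alg/cert.pem"; then enc=yes; else enc=no; fi
    echo "$alg: key=$(key_alg "$work/$alg/cert.pem") cms-encrypt=$enc"
done
rm -rf "$work"
```
</pre>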
</body>
</html>