ECDSA certificate question


OpenSSL - User mailing list

Hello everybody,

 

Is there a way to generate an ECDSA certificate with SM2 typed public key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x version?

 

Thank you very much!

Bob


RE: ECDSA certificate question

OpenSSL - User mailing list
Thanks Michael,

I tried to invoke the SM3 algorithm in the command "openssl req -new -key eckey.pem -x509 -sm3 -nodes -days 365 -out cert.csr", but unfortunately got the following error:

        140320586413888:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:crypto/ec/ec_pmeth.c:331:


-----Original Message-----
From: Michael Richardson <[hidden email]>
Sent: Tuesday, September 22, 2020 4:36 PM
To: Yan, Bob <[hidden email]>
Cc: [hidden email]
Subject: Re: ECDSA certificate question


Yan, Bob via openssl-users <[hidden email]> wrote:
    > Is there a way to generate an ECDSA certificate with SM2 typed public
    > key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x
    > version?

I don't know the detail with the SM3 part, but have you seen:

  https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki-09
  https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki

but, 1.1.1 release notes say it supports SM3. I expect you need to tweak something when "openssl req" is run.

--
Michael Richardson <[hidden email]>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide