query related to openssl certificate generation of Ed X25519,X448


Sowmya P
Hi,
I have a query regarding generation of an X25519 and X448 certificate chain.

Below is the script which I used to generate a certificate chain of ECDSA type.
https://github.com/raja-ashok/sample_certificates/blob/master/ECC_Prime256_Certs/gen_ecc_cert.sh

Now for generating an EdDSA certificate chain I am using the command from (https://github.com/openssl/openssl/issues/6201). But with this command I am able to generate only a certificate and private key pair. I am not able to generate a certificate chain.

Below is the command used for generating the end entity cert:

openssl req -config openssl.cnf -new -key serverkey.pem -subj "/C=IN/ST=kar/L=En/0=htipl/OU=team/CN=server" -out server_cert.csr

openssl ca -config openssl.cnf  -cert rootcert.pem -key rootkey.pem -extensions usr_cert -subj -days 360 -md sha256 -in server_cert.csr -out server_cert.pem

When I executed the above command, the below error was thrown:

Cant open ./root/private/cakey.pem for reading no such file or directory
 System library:fopen:no such file or directory:crypto/bio/bss_file.c :72
Bio routines :BIO_new_file:no such file crypto/bio:bss_file.c

I tried another command to generate the server cert, that is:

openssl x509 -req -days 360 -in server_cert.csr -signkey rootykey.pem -sha256 -out serever.crt

For this, the below error is thrown:

elliptic curve routines:pkey_ecd_ctrl:invalid digest type:crypto/ec/ecx_meth.c

Please help me out to resolve this issue.

Thanks,
Soumya pattada.


Re: query related to openssl certificate generation of Ed X25519, X448

Billy Brumley
I think the error messages are pretty clear in these cases. Trying to
set a hash with (standardized) EdDSA is not going to go well for you.

Have you tried this very nice walkthrough?

https://tools.ietf.org/html/draft-moskowitz-eddsa-pki-00

BBB

On Thu, Jun 6, 2019 at 9:47 AM Sowmya P <[hidden email]> wrote:

>
> Hi,
> I have a query regarding generation of an X25519 and X448 certificate chain.
>
> Below is the script which I used to generate a certificate chain of ECDSA type.
> https://github.com/raja-ashok/sample_certificates/blob/master/ECC_Prime256_Certs/gen_ecc_cert.sh
>
> Now for generating an EdDSA certificate chain I am using the command from (https://github.com/openssl/openssl/issues/6201). But with this command I am able to generate only a certificate and private key pair. I am not able to generate a certificate chain.
>
> Below is the command used for generating the end entity cert:
>
> openssl req -config openssl.cnf -new -key serverkey.pem -subj "/C=IN/ST=kar/L=En/0=htipl/OU=team/CN=server" -out server_cert.csr
>
> openssl ca -config openssl.cnf  -cert rootcert.pem -key rootkey.pem -extensions usr_cert -subj -days 360 -md sha256 -in server_cert.csr -out server_cert.pem
>
> When I executed the above command, the below error was thrown:
>
> Cant open ./root/private/cakey.pem for reading no such file or directory
>  System library:fopen:no such file or directory:crypto/bio/bss_file.c :72
> Bio routines :BIO_new_file:no such file crypto/bio:bss_file.c
>
> I tried another command to generate the server cert, that is:
>
> openssl x509 -req -days 360 -in server_cert.csr -signkey rootykey.pem -sha256 -out serever.crt
>
> For this, the below error is thrown:
>
> elliptic curve routines:pkey_ecd_ctrl:invalid digest type:crypto/ec/ecx_meth.c
>
> Please help me out to resolve this issue.
>
> Thanks,
> Soumya pattada.
>
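
An added example, not part of either message in this thread: a two-level Ed25519 chain (self-signed root, then a server certificate signed by it) built without any digest option, since that is the point made in the reply above. The function name, file names, subject values and the private chain.cnf are assumptions; it needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the thread): Ed25519 root CA -> server certificate.
# File names, subject fields and chain.cnf are assumptions. Needs OpenSSL 1.1.1+.

make_ed25519_chain() {
    mkdir -p "$1" || return 1
    (
        cd "$1" || exit 1
        # Private config so nothing depends on the system openssl.cnf.
        # `openssl x509 -req` is used instead of `openssl ca`, which falls back
        # to the config's private_key path when no -keyfile is given.
        cat > chain.cnf <<'EOF' || exit 1
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[usr_cert]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
EOF
        subj="/C=IN/ST=kar/L=En/O=htipl/OU=team"
        # No -sha256 / -md anywhere: EdDSA fixes its own hash, and an explicit
        # digest is what produced "invalid digest type" in the thread.
        openssl genpkey -algorithm ED25519 -out rootkey.pem &&
        openssl req -config chain.cnf -new -x509 -key rootkey.pem -days 360 \
            -subj "$subj/CN=root" -extensions v3_ca -out rootcert.pem &&
        openssl genpkey -algorithm ED25519 -out serverkey.pem &&
        openssl req -config chain.cnf -new -key serverkey.pem \
            -subj "$subj/CN=server" -out server_cert.csr &&
        # -CA/-CAkey signs with the root; -signkey yields a self-signed cert.
        openssl x509 -req -in server_cert.csr -days 360 \
            -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial \
            -extfile chain.cnf -extensions usr_cert -out server_cert.pem &&
        # Confirm the server certificate chains to the root.
        openssl verify -CAfile rootcert.pem server_cert.pem
    )
}

# Run as: sh script.sh ./chain
if [ "$#" -gt 0 ]; then make_ed25519_chain "$1"; fi
```

Ed448 works the same way with `-algorithm ED448`; X25519 and X448 are key-agreement algorithms and cannot sign a CSR or a certificate.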