Bonjour,

You may have a classic certificate containing your {X,Ed}{25519,448,whatever} 
public key once:

  *   an OID is allocated to identify this type of public key (it will go into 
tbs.subjectPublicKeyInfo.algorithm.algorithm)
  *   a set of associated optional parameters are defined for this OID (to go 
into tbs.subjectPublicKeyInfo.algorithm.parameters)
  *   a canonical encoding for this type of public key is defined, so the key 
material can be enclosed into tbs.subjectPublicKeyInfo.subjectPublicKey

This certificate may be RSA-signed or ECDSA-signed (or whatever-signed, in 
fact).

For a CA to be able to Ed{25519,448,whatever}-sign something, the previous 
steps must have been done, plus:

  *   an OID is allocated to identify the signature algorithm to apply (it will 
not be ECDSA) -> cert.signatureAlgorithm.algorithm
  *   a set of associated optional parameters are defined for this OID -> 
cert.signatureAlgorithm.parameters
  *   a canonical encoding for the signature value is defined, so it can be 
enclosed into cert.signatureValue

All this is being discussed at CFRG.

Cordialement,
Erwann Abalea

Le 29 juin 2016 à 16:46, Michael Scott 
<mike.sc...@miracl.com<mailto:mike.sc...@miracl.com>> a écrit :

Hello,


How do I do this? Using the OpenSSL command line tool, a certificate request 
must be self-signed, but the X25519 elliptic curve (newly supported in version 
1.1.0), doesn't do signature, it can only be used for key exchange.

(Of course the X25519 Montgomery curve is birationally equivalent to an Edwards 
curve which can do signature. And indeed it is our intention to use the Edwards 
curve. But first I need a CA-signed X25519 cert. But because of the above 
catch-22 problem, I cannot create one.)


Mike


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to