Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512
Hi Steve,

This worked now. Thanks

Thanks,
Abhilash.

On Mon, Jul 18, 2016 at 7:34 AM, Abhilash K.V wrote:
> Hi Steve,
>
> Thanks for the information I was not aware of that.
>
> Yes, did that modification and now I am getting it as following (I passed
> EVP_sha512()).
>
> Signature Algorithm: ecdsa-with-SHA256
>
> Thanks,
> Abhilash.
>
> On Sun, Jul 17, 2016 at 8:05 PM, Dr. Stephen Henson wrote:
>
>> On Sun, Jul 17, 2016, Abhilash K.V wrote:
>>
>> > I am trying to generate a CSR using EC and wanted to have signature
>> > algorithm as “ecdsa-with-SHA512”.
>> >
>> > But in the generated csr I am getting signature algorithms as
>> > “Signature Algorithm: ecdsa-with-SHA1” always.
>> >
>> > if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
>>
>> Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is
>> only retained for compatibility with old code. Use EVP_sha512() instead.
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512
Hi Steve,

Thanks for the information I was not aware of that.

Yes, did that modification and now I am getting it as following (I passed EVP_sha512()).

Signature Algorithm: ecdsa-with-SHA256

Thanks,
Abhilash.

On Sun, Jul 17, 2016 at 8:05 PM, Dr. Stephen Henson wrote:
> On Sun, Jul 17, 2016, Abhilash K.V wrote:
>
> > I am trying to generate a CSR using EC and wanted to have signature
> > algorithm as “ecdsa-with-SHA512”.
> >
> > But in the generated csr I am getting signature algorithms as
> > “Signature Algorithm: ecdsa-with-SHA1” always.
> >
> > if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
>
> Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is
> only retained for compatibility with old code. Use EVP_sha512() instead.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512
On Sun, Jul 17, 2016, Abhilash K.V wrote:

> I am trying to generate a CSR using EC and wanted to have signature
> algorithm as “ecdsa-with-SHA512”.
>
> But in the generated csr I am getting signature algorithms as
> “Signature Algorithm: ecdsa-with-SHA1” always.
>
> if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {

Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is only
retained for compatibility with old code. Use EVP_sha512() instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
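Added example, not part of the original thread and not code from the OpenSSL project: a command-line check of which digest an EC CSR was actually signed with, so a request carrying an unexpected signature algorithm is rejected before it is submitted. It goes beyond the C call discussed above by using the `openssl` command-line tool, where the `-sha512` option to `openssl req` plays the role of the digest argument to X509_REQ_sign(); the subject `alice-test`, the file names and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: check which digest an EC CSR was really signed with.
# The subject "alice-test" and all file names are constructed for this demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal request config, so the demo does not rely on a system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = alice-test
EOF

# P-521 key, the same curve as NID_secp521r1 in the code from the thread.
openssl ecparam -name secp521r1 -genkey -noout -out "$WORK/key.pem"

# make_csr DIGEST OUTFILE: create a CSR signed with the named digest.
make_csr() {
    openssl req -new -config "$WORK/req.cnf" -key "$WORK/key.pem" \
        "-$1" -out "$2"
}

# csr_sig_alg FILE: print the signature algorithm recorded in the CSR.
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        awk '/Signature Algorithm:/ && !seen { print $3; seen = 1 }'
}

# check_csr FILE EXPECTED: succeed only when the CSR carries EXPECTED.
check_csr() {
    [ "$(csr_sig_alg "$1")" = "$2" ]
}

make_csr sha512 "$WORK/want.csr"
make_csr sha256 "$WORK/other.csr"
for name in want other; do
    if check_csr "$WORK/$name.csr" ecdsa-with-SHA512; then verdict=OK
    else verdict=REJECT; fi
    echo "$name.csr: $(csr_sig_alg "$WORK/$name.csr") -> $verdict"
done
```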
[openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512
Hi,

I am trying to generate a CSR using EC and wanted to have signature algorithm as “ecdsa-with-SHA512”.

But in the generated csr I am getting signature algorithms as “Signature Algorithm: ecdsa-with-SHA1” always.

OpenSSL version: 1.0.1

It would be great if you can help me on this.

Code below:

    #include <stdio.h>
    #include <stdlib.h>
    #include <openssl/ec.h>
    #include <openssl/evp.h>
    #include <openssl/x509.h>

    int generate_csr()
    {
        EVP_PKEY *privkey;
        if ((privkey = EVP_PKEY_new()) == NULL) {
            printf("Cannot allocate memory for private key.\n");
            exit(1);
        }

        EC_KEY *eckey;
        printf("Generating ECC keypair...\n");
        eckey = EC_KEY_new();
        if (NULL == eckey) {
            printf("Failed to create new EC Key\n");
            return -1;
        }

        EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp521r1);
        if (NULL == ecgroup) {
            printf("Failed to create new EC Group\n");
            return -1;
        }

        int set_group_status = EC_KEY_set_group(eckey, ecgroup);
        const int set_group_success = 1;
        if (set_group_success != set_group_status) {
            printf("Failed to set group for EC Key\n");
            return -1;
        }
        /* EC_KEY_set_group() copies the group, so the original can be freed. */
        EC_GROUP_free(ecgroup);

        if (!EC_KEY_generate_key(eckey)) {
            printf("Failed to generate EC Key\n");
            exit(1);
        }

        if (!EVP_PKEY_assign_EC_KEY(privkey, eckey)) {
            printf("Cannot assign keypair to private key.\n");
            exit(1);
        }

        X509_REQ *req;
        if ((req = X509_REQ_new()) == NULL) {
            printf("Cannot allocate memory for certificate request.\n");
            exit(1);
        }

        X509_NAME *name;
        name = X509_REQ_get_subject_name(req);
        X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                                   (unsigned char *) "alice", -1, -1, 0);
        X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_ASC,
                                   (unsigned char *) "al...@darkmatter.ae", -1, -1, 0);

        X509_REQ_set_pubkey(req, privkey);

        /* The digest argument selects the signature algorithm written into the CSR. */
        if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
            printf("Cannot sign request.\n");
            exit(1);
        }

        const char *keyfn = "/Users/abhilash/test/csr_sample/tempkey.der";
        const char *csrfn = "/Users/abhilash/test/csr_sample/tempcsr.der";

        // write to files ...
        FILE *f;
        f = fopen(keyfn, "wb");   /* DER is binary */
        if (f == NULL) {
            printf("Cannot open %s\n", keyfn);
            return -1;
        }
        i2d_PrivateKey_fp(f, privkey);
        fclose(f);

        f = fopen(csrfn, "wb");
        if (f == NULL) {
            printf("Cannot open %s\n", csrfn);
            return -1;
        }
        i2d_X509_REQ_fp(f, req);
        fclose(f);

        return 0;
    }

Thanks,
Abhilash.