Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

2016-07-19 Thread Abhilash K.V
Hi Steve,

This worked now. Thanks

Thanks,
Abhilash.

On Mon, Jul 18, 2016 at 7:34 AM, Abhilash K.V  wrote:

> Hi Steve,
>
> Thanks for the information I was not aware of that.
>
> Yes, did that modification and now I am getting it as following (I passed
> EVP_sha512()).
>
> Signature Algorithm: ecdsa-with-SHA256
>
> Thanks,
> Abhilash.
>
> On Sun, Jul 17, 2016 at 8:05 PM, Dr. Stephen Henson 
> wrote:
>
>> On Sun, Jul 17, 2016, Abhilash K.V wrote:
>>
>> > I am trying to generate a CSR using EC and wanted to have signature
>> > algorithm as “ecdsa-with-SHA512”.
>> >
>> > But in the generated csr I am getting signature algorithms as “Signature
>> > Algorithm: ecdsa-with-SHA1” always.
>> >
>> >
>> > if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
>> >
>>
>> Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is
>> only retained for compatibility with old code. Use EVP_sha512() instead.
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

2016-07-17 Thread Abhilash K.V
Hi Steve,

Thanks for the information I was not aware of that.

Yes, did that modification and now I am getting it as following (I passed
EVP_sha512()).

Signature Algorithm: ecdsa-with-SHA256

Thanks,
Abhilash.

On Sun, Jul 17, 2016 at 8:05 PM, Dr. Stephen Henson 
wrote:

> On Sun, Jul 17, 2016, Abhilash K.V wrote:
>
> > I am trying to generate a CSR using EC and wanted to have signature
> > algorithm as “ecdsa-with-SHA512”.
> >
> > But in the generated csr I am getting signature algorithms as “Signature
> > Algorithm: ecdsa-with-SHA1” always.
> >
> >
> > if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
> >
>
> Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is
> only retained for compatibility with old code. Use EVP_sha512() instead.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>


Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

2016-07-17 Thread Dr. Stephen Henson
On Sun, Jul 17, 2016, Abhilash K.V wrote:

> I am trying to generate a CSR using EC and wanted to have signature
> algorithm as “ecdsa-with-SHA512”.
> 
> But in the generated csr I am getting signature algorithms as “Signature
> Algorithm: ecdsa-with-SHA1” always.
> 
> 
> if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
> 

Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is only
retained for compatibility with old code. Use EVP_sha512() instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
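
Added example (not part of the thread, and not OpenSSL code): a dependency-free check that reads the signatureAlgorithm OID from a DER-encoded CSR, so an intake or build step can reject requests signed with SHA-1, which is what EVP_ecdsa() produces. The names der_next, csr_sig_alg and the SAMPLE_* arrays are made up for this example, and the samples are constructed skeletons rather than real CSRs.

```c
#include <string.h>

/* Read one DER TLV at *p (bounded by end); returns its tag, or -1 if truncated. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    const unsigned char **val, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                 /* long form: low 7 bits count the length bytes */
        size_t k = n & 0x7f;
        if (k == 0 || k > 4 || (size_t)(end - q) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;   /* value must fit inside the buffer */
    *val = q; *len = n; *p = q + n;
    return tag;
}

/* OID contents of the ECDSA signature algorithms (arc 1.2.840.10045.4). */
static const struct { const char *name; size_t len; unsigned char oid[8]; } ALGS[] = {
    { "ecdsa-with-SHA1",   7, { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01 } },
    { "ecdsa-with-SHA256", 8, { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02 } },
    { "ecdsa-with-SHA384", 8, { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03 } },
    { "ecdsa-with-SHA512", 8, { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04 } },
};

/* Algorithm name, "unknown" for any other OID, or NULL if not CSR-shaped DER. */
const char *csr_sig_alg(const unsigned char *der, size_t len)
{
    const unsigned char *p = der, *end = der + len, *v;
    size_t n, i;
    if (der_next(&p, end, &v, &n) != 0x30) return NULL; /* CertificationRequest */
    p = v; end = v + n;
    if (der_next(&p, end, &v, &n) != 0x30) return NULL; /* request info, skipped */
    if (der_next(&p, end, &v, &n) != 0x30) return NULL; /* signatureAlgorithm */
    p = v; end = v + n;
    if (der_next(&p, end, &v, &n) != 0x06) return NULL; /* algorithm OID */
    for (i = 0; i < sizeof ALGS / sizeof ALGS[0]; i++)
        if (n == ALGS[i].len && memcmp(v, ALGS[i].oid, n) == 0) return ALGS[i].name;
    return "unknown";
}

/* Constructed skeletons: version-only request info, the OID, a dummy signature. */
const unsigned char SAMPLE_SHA1[] = { 0x30, 0x14, 0x30, 0x03, 0x02, 0x01, 0x00,
    0x30, 0x09, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01, 0x03, 0x02, 0x00, 0x00 };
const unsigned char SAMPLE_SHA512[] = { 0x30, 0x15, 0x30, 0x03, 0x02, 0x01, 0x00,
    0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04, 0x03, 0x02, 0x00, 0x00 };
```

To check a file such as the tempcsr.der written by the code in this thread, read it into a buffer and pass it to csr_sig_alg(); the returned string matches the "Signature Algorithm:" line quoted in the messages.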


[openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

2016-07-17 Thread Abhilash K.V
Hi,

I am trying to generate a CSR using EC and wanted to have signature
algorithm as “ecdsa-with-SHA512”.

But in the generated csr I am getting signature algorithms as “Signature
Algorithm: ecdsa-with-SHA1” always.

OpenSSL version: 1.0.1

It would be great if you can help me on this.

Code below:



#include <stdio.h>
#include <stdlib.h>
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

int generate_csr()
{
    EVP_PKEY *privkey;

    if ((privkey = EVP_PKEY_new()) == NULL) {
        printf("Cannot allocate memory for private key.\n");
        exit(1);
    }

    EC_KEY *eckey;

    printf("Generating ECC keypair...\n");
    eckey = EC_KEY_new();
    if (NULL == eckey) {
        printf("Failed to create new EC Key\n");
        return -1;
    }

    EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp521r1);
    if (NULL == ecgroup) {
        printf("Failed to create new EC Group\n");
        return -1;
    }

    int set_group_status = EC_KEY_set_group(eckey, ecgroup);
    const int set_group_success = 1;
    if (set_group_success != set_group_status) {
        printf("Failed to set group for EC Key\n");
        return -1;
    }
    EC_GROUP_free(ecgroup); /* EC_KEY_set_group() keeps its own copy */

    if (!EC_KEY_generate_key(eckey)) {
        printf("Failed to generate EC Key\n");
        exit(1);
    }

    /* privkey takes ownership of eckey from here on */
    if (!EVP_PKEY_assign_EC_KEY(privkey, eckey)) {
        printf("Cannot assign keypair to private key.\n");
        exit(1);
    }

    X509_REQ *req;
    if ((req = X509_REQ_new()) == NULL) {
        printf("Cannot allocate memory for certificate request.\n");
        exit(1);
    }

    X509_NAME *name;
    name = X509_REQ_get_subject_name(req);
    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                               (unsigned char *)"alice", -1, -1, 0);
    X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_ASC,
                               (unsigned char *)"al...@darkmatter.ae", -1, -1, 0);

    X509_REQ_set_pubkey(req, privkey);
    /* Sign the request; the third argument selects the digest */
    if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
        printf("Cannot sign request.\n");
        exit(1);
    }

    const char *keyfn = "/Users/abhilash/test/csr_sample/tempkey.der";
    const char *csrfn = "/Users/abhilash/test/csr_sample/tempcsr.der";

    // write to files ...
    FILE *f;
    f = fopen(keyfn, "wb"); /* DER is binary */
    if (f == NULL) {
        printf("Cannot open %s\n", keyfn);
        exit(1);
    }
    i2d_PrivateKey_fp(f, privkey);
    fclose(f);

    f = fopen(csrfn, "wb");
    if (f == NULL) {
        printf("Cannot open %s\n", csrfn);
        exit(1);
    }
    i2d_X509_REQ_fp(f, req);
    fclose(f);

    X509_REQ_free(req);
    EVP_PKEY_free(privkey); /* also frees eckey */
    return 0;
}





Thanks,

Abhilash.