Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-24 Thread Jeffrey Walton
On Mon, Oct 23, 2017 at 6:47 PM, Kyle Hamilton wrote: > Out of curiosity, what are the algorithm identifiers for X25519 and Ed25519? > The ones I am aware of are available in http://tools.ietf.org/html/draft-josefsson-pkix-newcurves. Jeff -- openssl-users mailing list To

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-23 Thread Kyle Hamilton
Out of curiosity, what are the algorithm identifiers for X25519 and Ed25519? -Kyle H On Mon, Oct 23, 2017 at 3:24 PM, Jakob Bohm wrote: > On 21/10/2017 15:38, Codarren Velvindron wrote: >> >> https://tls13.crypto.mozilla.org is using : The connection to this site is >>

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-23 Thread Jakob Bohm
On 21/10/2017 15:38, Codarren Velvindron wrote: https://tls13.crypto.mozilla.org is using : The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.3), a strong key exchange (X25519), and a strong cipher (AES_128_GCM). Using openssl standard tools is it

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Salz, Rich via openssl-users
They are NOT using a 25519 certificate; it says “key exchange” From: Codarren Velvindron <devild...@gmail.com> Date: Saturday, October 21, 2017 at 9:38 AM To: Rich Salz <rs...@akamai.com>, openssl-users <openssl-users@openssl.org> Subject: Re: [openssl-users] Generating CSR

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Jeffrey Walton
On Sat, Oct 21, 2017 at 9:38 AM, Codarren Velvindron wrote: > https://tls13.crypto.mozilla.org is using : The connection to this site is > encrypted and authenticated using a strong protocol (TLS 1.3), a strong key > exchange (X25519), and a strong cipher (AES_128_GCM).

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Codarren Velvindron
https://tls13.crypto.mozilla.org is using : The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.3), a strong key exchange (X25519), and a strong cipher (AES_128_GCM). Using openssl standard tools is it possible to generate a CSR through Ed25519 ? --

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Salz, Rich via openssl-users
* How would we be able to achieve this? I have read somewhere on a 2016 mail in the archives that it is an "encrypt-only" algorithm and that is not possible. X25519 is a key-exchange-only algorithm. Ed25519 is a signing algorithm. Unlike classic RSA, the signing and the key exchange are

[openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Codarren Velvindron
Errata: I meant private key -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Codarren Velvindron
Hello, How would we be able to achieve this? I have read somewhere on a 2016 mail in the archives that it is an "encrypt-only" algorithm and that is not possible. But I have found many sites on let's encrypt already using this. Does anyone know how to do this? Thanks, Codarren --