On 08/10/2017 04:26 PM, Viktor Dukhovni wrote:
> On Thu, Aug 10, 2017 at 03:17:02PM -0400, Robert Moskowitz wrote:
> > > Are you sure you want secp256k1? By far the more common choice is
> > > prime256r1 (aka P-256 or secp256r1).
> > Do you mean prime256v1?
> Yes, it is the primary name in OpenSSL for
On Thu, Aug 10, 2017 at 03:17:02PM -0400, Robert Moskowitz wrote:
> > Are you sure you want secp256k1? By far the more common choice is
> > prime256r1 (aka P-256 or secp256r1).
>
> Do you mean prime256v1?
Yes, it is the primary name in OpenSSL for secp256r1 aka (NIST) P-256.
--
On 08/10/2017 02:27 PM, Viktor Dukhovni wrote:
> On Thu, Aug 10, 2017 at 12:03:31PM -0400, Robert Moskowitz wrote:
> > openssl ecparam -name secp256k1 -genkey -noout -out private/ca.key.pem
> > But openssl ecparam does not have any option equivalent (that I can find) to
> > -aes256
> Yes, this command
On Thu, Aug 10, 2017 at 02:49:02PM -0400, Robert Moskowitz wrote:
> > The command that does is:
> >
> > $ openssl genpkey -aes256 -algorithm ec \
> > -pkeyopt ec_paramgen_curve:secp256k1 \
> > -pkeyopt ec_param_enc:named_curve \
> > -out private/ca.key.pem
>
> So I see that I
Thank you, Viktor.
On 08/10/2017 02:27 PM, Viktor Dukhovni wrote:
> On Thu, Aug 10, 2017 at 12:03:31PM -0400, Robert Moskowitz wrote:
> > openssl ecparam -name secp256k1 -genkey -noout -out private/ca.key.pem
> > But openssl ecparam does not have any option equivalent (that I can find) to
> > -aes256
On Thu, Aug 10, 2017 at 12:03:31PM -0400, Robert Moskowitz wrote:
> openssl ecparam -name secp256k1 -genkey -noout -out private/ca.key.pem
>
> But openssl ecparam does not have any option equivalent (that I can find) to
> -aes256
Yes, this command does not currently support key encryption.
>
I am following:
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
But modifying it to produce ECDSA certs. So the first step is to make
the private key. Jamie says:
openssl genrsa -aes256 -out private/ca.key.pem 4096
The -aes256 option supposedly password
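
The two key-generation commands compared in this thread, side by side, as an added example that is not part of any message above: it generates a key each way and checks which one ends up encrypted on disk and which curve it carries. It assumes OpenSSL 1.1.0 or later on PATH; the function names, the CA_KEY_PASS variable and its passphrase are constructed for illustration, and the curve defaults to prime256v1 (set CURVE=secp256k1 for the curve in the thread's commands).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSL 1.1.0+ on PATH.
CURVE="${CURVE:-prime256v1}"    # set CURVE=secp256k1 for the thread's curve
# Constructed throwaway passphrase; passed via env: so it stays out of argv.
CA_KEY_PASS="${CA_KEY_PASS:-constructed-demo-passphrase}"
export CA_KEY_PASS

# ecparam -genkey has no cipher option: the key lands on disk unencrypted.
gen_plain_key() {
    ( umask 077; openssl ecparam -name "$CURVE" -genkey -noout -out "$1" )
}

# genpkey accepts -aes256 and writes an encrypted PKCS#8 key.
gen_encrypted_key() {
    ( umask 077; openssl genpkey -aes256 -algorithm ec \
        -pkeyopt ec_paramgen_curve:"$CURVE" \
        -pkeyopt ec_param_enc:named_curve \
        -pass env:CA_KEY_PASS -out "$1" )
}

# Classify a PEM key file by its header: "encrypted" or "plaintext".
key_protection() {
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
    then echo encrypted
    else echo plaintext
    fi
}

# Print the named curve recorded in the key (e.g. prime256v1).
key_curve() {
    openssl pkey -in "$1" -passin env:CA_KEY_PASS -noout -text |
        sed -n 's/^ASN1 OID: //p'
}

# Demo in a scratch directory: compare both outputs, then clean up.
demo_dir=$(mktemp -d)
gen_plain_key "$demo_dir/plain.key.pem"
gen_encrypted_key "$demo_dir/ca.key.pem"
echo "ecparam: $(key_protection "$demo_dir/plain.key.pem")"
echo "genpkey: $(key_protection "$demo_dir/ca.key.pem"), curve $(key_curve "$demo_dir/ca.key.pem")"
rm -rf "$demo_dir"
```

For a real CA key, drop the default passphrase and let openssl prompt, or point -pass at a file readable only by the CA operator.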