I missed that
> part.
>
> The solution should then be to modify apps/ca.c:certify() function to add
> an arg, and avoid the call to X509_REQ_verify when desired.
>
> Cordialement,
> Erwann Abalea
>
> Le 29 juin 2016 à 19:17, Michael Scott <mike.sc...@miracl.com&g
On Thu, Jun 30, 2016 at 5:11 PM, Matt Caswell wrote:
>
>
> On 30/06/16 16:54, Salz, Rich wrote:
> >> Since X25519 is not the first "encrypt-only" algorithm in the
> >> OpenSSL universe, how was requesting certificates handled for
> >> such algorithms in the past?
> >
> > It
Hello,
How do I do this? Using the OpenSSL command line tool, a certificate
request must be self-signed, but the X25519 elliptic curve (newly supported
in version 1.1.0), doesn't do signature, it can only be used for key
exchange.
(Of course the X25519 Montgomery curve is birationally
WellI can help with CFRG - its Crypto Forum Research Group.
Mike
On Wed, Jun 29, 2016 at 4:10 PM, Jakob Bohm wrote:
> On 29/06/2016 16:53, Salz, Rich wrote:
>
>> How do I do this? Using the OpenSSL command line tool, a certificate
>>> request must be self-signed, but
coding for the signature value is defined, so it can
>be enclosed into cert.signatureValue
>
>
> All this is being discussed at CFRG.
>
> Cordialement,
> Erwann Abalea
>
> Le 29 juin 2016 à 16:46, Michael Scott <mike.sc...@miracl.com> a écrit :
>
> Hello,
On Wed, Jun 29, 2016 at 6:21 PM, Salz, Rich wrote:
>
> > To repeat: X25519 only supports key exchange. The 25519 signing
> > mechanism is not yet defined.
>
Which I don't have a problem with.
But surely the openssl command line tool should provide a mechanism for
allowing an