Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

2016-07-19 Thread Abhilash K.V 
Hi Steve,

This worked now. Thanks

Thanks,
Abhilash.

On Mon, Jul 18, 2016 at 7:34 AM, Abhilash K.V  wrote:

> Hi Steve,
>
> Thanks for the information I was not aware of that.
>
> Yes, did that modification and now I am getting it as following (I passed
> EVP_sha512()).
>
> Signature Algorithm: ecdsa-with-SHA256
>
> Thanks,
> Abhilash.
>
> On Sun, Jul 17, 2016 at 8:05 PM, Dr. Stephen Henson 
> wrote:
>
>> On Sun, Jul 17, 2016, Abhilash K.V wrote:
>>
>> > I am trying to generate a CSR using EC and wanted to have signature
>> > algorithm as ???ecdsa-with-SHA512???.
>> >
>> > But in the generated csr I am getting signature algorithms as
>> ???Signature
>> > Algorithm: ecdsa-with-SHA1??? always.
>> >
>> >
>> > if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
>> >
>>
>> Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is
>> only
>> retained for compatibility with old code. Use EVP_sha512() instead.
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

2016-07-17 Thread Abhilash K.V 
Hi Steve,

Thanks for the information I was not aware of that.

Yes, did that modification and now I am getting it as following (I passed
EVP_sha512()).

Signature Algorithm: ecdsa-with-SHA256

Thanks,
Abhilash.

On Sun, Jul 17, 2016 at 8:05 PM, Dr. Stephen Henson 
wrote:

> On Sun, Jul 17, 2016, Abhilash K.V wrote:
>
> > I am trying to generate a CSR using EC and wanted to have signature
> > algorithm as ???ecdsa-with-SHA512???.
> >
> > But in the generated csr I am getting signature algorithms as
> ???Signature
> > Algorithm: ecdsa-with-SHA1??? always.
> >
> >
> > if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
> >
>
> Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is
> only
> retained for compatibility with old code. Use EVP_sha512() instead.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

2016-07-17 Thread Dr. Stephen Henson 
On Sun, Jul 17, 2016, Abhilash K.V wrote:

> I am trying to generate a CSR using EC and wanted to have signature
> algorithm as ???ecdsa-with-SHA512???.
> 
> But in the generated csr I am getting signature algorithms as ???Signature
> Algorithm: ecdsa-with-SHA1??? always.
> 
> 
> if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {
> 

Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is only
retained for compatibility with old code. Use EVP_sha512() instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users