Hi,
For teaching purposes I wish to implement a semi-ephemeral DH key exchange like
in NIST SP800-56 (but for a non EC group).
The recipient’s key is static while the sender’s key is ephemeral.
To authenticate the ephemeral sender key I’d like to X.509 certify it (and also
the recipent’s one too).
I can generate the dh parameters, the static and ephemeral keys, put it in PEM
format.
So far so good.
But I cannot find how to create the csr to provide to a CA.
While trying with x509, I got the error message
Key must be an rsa, dsa, ec, ed25519, or ed448 private key.
Is there any way to get a certificate for a dh public key ?
I can accept to use OpenSSL for this but couldn’t find either a way to proceed.
Thanks for you help and sorry if my question is not well addressed to the list.
I did not subscribe to the list, so I would appreciate a direct reply.
Regards,
Bruno
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
