On Tue, Mar 22, 2011, Massimiliano Pala wrote:

> Hello Peter, all,
>
> thanks for the hint.. but I was actually looking more at a way to check if
> a certificate has been signed with one of the curves you listed. Maybe it is
> not possible, but it would be nice to be able to say "this certificate has
> been signed with P-256" - since this can be a requirement for rejecting or
> accepting a certificate.
>
> The other solution is to extract the key from the signer's certificate, check
> the signature with it and, if it checks out, check that the key is of a
> particular curve... is there any better way to do it ?
>

Are you talking programmatically or by parsing text output of an OpenSSL utility? It should be easy enough programmatically.

BTW as regards curve names and their NID equivalents: I looked into this for the ECDSA tests for the latest validation. There's a translation function in fips/ecdsa/fips_ecdsavs.c which I'm fairly confident is correct as it passes the test vectors I've thrown at it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
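
The curve check discussed in this thread, as an added example that is not part of either message and is not OpenSSL code: an ECDSA signature algorithm identifier such as ecdsa-with-SHA256 names only the hash, so the curve has to be read from the signer's SubjectPublicKeyInfo. It assumes the signature has already been verified against that key by the crypto library; the function names and the sample key bytes are constructed for illustration.

```python
# Added example, not OpenSSL code. Reads the namedCurve OID out of a signer's
# DER-encoded SubjectPublicKeyInfo and applies an accept/reject policy to it.
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")       # 1.2.840.10045.2.1
NAMED_CURVES = {
    bytes.fromhex("2a8648ce3d030107"): "P-256",          # 1.2.840.10045.3.1.7
    bytes.fromhex("2b81040022"): "P-384",                # 1.3.132.0.34
    bytes.fromhex("2b81040023"): "P-521",                # 1.3.132.0.35
}
# Constructed sample SPKI: P-256 header plus an all-zero placeholder point
# (not a real key; this code never interprets the point bytes).
SAMPLE_P256_SPKI = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d03010703420004") + bytes(64)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                    # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def signer_curve(spki_der):
    """Curve name of an EC SubjectPublicKeyInfo, or None if not identifiable."""
    tag, spki, _ = read_tlv(spki_der)
    alg_tag, alg, _ = read_tlv(spki)                     # AlgorithmIdentifier
    if tag != 0x30 or alg_tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    oid_tag, oid, pos = read_tlv(alg)
    if oid_tag != 0x06 or oid != ID_EC_PUBLIC_KEY or pos >= len(alg):
        return None                                      # not an EC key
    par_tag, params, _ = read_tlv(alg, pos)
    if par_tag != 0x06:
        return None              # explicit or inherited parameters: reject
    return NAMED_CURVES.get(params)

def issuer_key_acceptable(spki_der, allowed=frozenset({"P-256"})):
    """Policy step: accept only signer keys on an allowed named curve."""
    return signer_curve(spki_der) in allowed
```

Keys that carry explicit curve parameters instead of a named-curve OID return `None` and so fail the policy, which is the conservative choice for an accept/reject rule.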
