I have read:  https://github.com/openssl/openssl/issues/487

And I am trying to grok its meaning. I am running Fedora24 (I need to buy an new SSD before upgrading to F26) which has openssl 1.0.2k.

There is a note of a patch to 1.0.2j, but talk about 1.1.1. I have attempted to read


Is there a command line option for creating an ed25519 cert and if so what version? I tried:

openssl req -new -outform PEM -out certs/$commonName.crt -newkey ed25519 -nodes -keyout private/$commonName.key -keyform PEM -days 3650 -x509 -extensions v3_req -subj "/countryName=$countryName/stateOrProvinceName=$stateOrProvinceName/localityName=$localityName/organizationName=$organizationName/organizationalUnitName=$organizationalUnitName/commonName=$commonName/emailAddress=$emailAddress"

And got:

Unknown algorithm ed25519


On 07/27/2017 10:45 AM, Benjamin Kaduk wrote:
On 07/27/2017 09:18 AM, Robert Moskowitz wrote:

Meant to ask you about this at IETF.

Given draft-ietf-curdle-pkix-05.txt sec 10, is there openssl code to produce these???

There is code to validate them, per commit 4328dd41582bcdca8e4f51f0a3abadfafa2163ee. I didn't look hard enough to find how to generate them, but it ought to be there too.

And, relatedly, what do you think about CBOR encoding rather than ASN.1? Kill ASN.1 in constrained devices and save on transmission costs?

It seems hard to shift a big ecosystem and introduce risk of incompatibility, but I haven't really thought about it.


openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to