I have followed the procedure I made for ECDSA certs in:
draft-moskowitz-ecdsa-pki (an update is pending on typos I encountered
in this run through)
But making ED25519 certs instead.
Other than obvious changes (e.g. -algorithm ed25519) and hash
specification, I was successful.
My testing was done on a Fedora-armhfp-28-beta system providing openssl:
OpenSSL 1.1.1-pre8 (beta) FIPS 20 Jun 2018
I am going to assume that PR6901 will go into the next beta and I can
drop the '-md null' from some command lines and do not have to make
special .cnf files without md_default lines.
I will test this on the next beta to be sure (trust, but verify!)
Remaining to do:
Using the tree command, here are some certificate size comparisons
ECDSA ED25519
Root cert 826 737
Intermedicate CA cert 806 721
Client cert 944 834
Server cert 1086 971
thank you for making ED25519 available!
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
