On 3/17/21 8:17 PM, Viktor Dukhovni wrote:
On Wed, Mar 17, 2021 at 07:44:05PM -0400, Robert Moskowitz wrote:

I have created my X25519 pub/priv keypair with:

openssl genpkey -algorithm X25519\
       -out $dir/private/$clientemail-X.key.$format
Are you sure you didn't want ed25519 instead?  X25519 is a key agreement
menthod, not a signature method.
My limited understanding is that for encrypted S/MIME, and ECDH cert
is needed.  Thus if ED25519 is used for signing said S/MIME, X25519 is
used for encrypting.
I see, this is for CMS, so you're trying to support:


openssl req -config $dir/openssl-intermediate.cnf\
       -key $dir/private/$clientemail-X.key.$format \
       -subj "$DN" -new -out $dir/csr/$clientemail-X.csr.$format

which is what I used for ED25519 client certs.  But I get an error:

140487683954496:error:0608D096:digital envelope
routines:EVP_PKEY_sign_init:operation not supported for this
Not surprising, why do you expect this to work?
Shooting from the hip, a bit.  If I am going to have an X25519 cert,
then I need a csr and this is the command to make one.  So try it and
see what it does.  Not too well, it turns out.
Well, CSRs are self-signed, and X25519 does not support signing, so
you CANNOT have an X25519 CSR.

Slap myself on the forehead....

Of course I know that.  But did not stop to think this through.   :(

Will read through all this and get back here....

You can however create an X25519
certificate directly for a given key:


with other details (names, extensions, ...) pulled from a CSR.
What can't get is proof of posession.

Oh, and I am ASSuMEing that a CA cert of ED25519 signs an X25519 client
cert.  Haven't found instructions on this, but it seems reasonable...
Well the CA can use any algorithm that supports signing, and is widely
supported.  It does not have to be Ed25519.

Reply via email to