Re: [Cryptography-dev] Certifying a DH key

2024-05-15 Thread Paul Kehrer
cryptography does not support encoding a FFDH public key in a certificate at this time. OpenSSL should since the OID for a DH public key cert is defined in RFC 3279 (among other places).

-Paul

On Wed, May 15, 2024 at 1:02 PM Bruno Martin wrote:
>
> Hi,
>
> For teaching purposes I wish to implem

[Cryptography-dev] Certifying a DH key

2024-05-15 Thread Bruno Martin
Hi,

For teaching purposes I wish to implement a semi-ephemeral DH key exchange like in NIST SP800-56 (but for a non-EC group). The recipient’s key is static while the sender’s key is ephemeral. To authenticate the ephemeral sender key I’d like to X.509 certify it (and also the recipient’s one too