Thanks Michael,
I tried to invoke SM3 algorithm in command "openssl req -new -key eckey.pem
-x509 -sm3 -nodes -days 365 -out cert.csr", unfortunately got the following
error:
140320586413888:error:100C508A:elliptic curve
routines:pkey_ec_ctrl:invalid digest type:crypto/ec/ec_pmeth.c:331:
-Original Message-
From: Michael Richardson
Sent: Tuesday, September 22, 2020 4:36 PM
To: Yan, Bob
Cc: openssl-users@openssl.org
Subject: Re: ECDSA certificate question
Yan, Bob via openssl-users wrote:
> Is there a way to generate a ECDSA certificate with SM2 typed public
> key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x
> version?
I don't know the detail with the SM3, part, but have you seen:
https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki-09
https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki
but, 1.1.1 release notes say it supports SM3. I expect you need to tweak
something when "openssl req" is run.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide