On 6/5/19 8:39 AM, Renaud Allard wrote:
On 6/5/19 8:20 AM, Gilles Chehade wrote:On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote:On 6/3/19 11:53 AM, Renaud Allard wrote:On 5/29/19 9:58 AM, Florian Obser wrote:why not let acme-client generate the key?Here is a more complete diff where you can use the -E switch to generate a ECDSA key instead of the RSA one.I refined a little bit the patch to not put ecdsa functions into rsa.c. So Irenamed rsa.c to key.c and removed the rsa references to functions which apply to both rsa and ecdsa.reads, builds and works fine for me a couple comments inlinedI removed the parenthesis and used another wording, removed the RSA from a "Load RSA key" as it might not be RSA and added E to the SYNOPSYS.
For completion, just in case you are wondering why I choose secp384r1 instead of secp521r1. It is because letsencrypt doesn't allow 521 bits keys. They return "Invalid key in certificate request :: ECDSA curve P-521 not allowed"
smime.p7s
Description: S/MIME Cryptographic Signature