None of ciphersuites specified in second list, meets the requiremencts specified in first list.
(Only second ciphersuite uses ECDSA Au, it also is the only one, not using any variant of DES or RC4)
There exists ECDHE-ECDSA ciphersuites usring RC4, but these are not in this list.
When generating a key, you tried to generate a RSA key, ECDSA requires ECDSA (or ECC?) key.
Generally, key exchange method and authentication method, are independent of simetric cipher method.
genrsa -out keyRC4-40.pem
generated a RSA key of default size (512 bits), it cannot be used with ECDSA
naming it "RC4-40" has no influence on choice of simetric cipher
rsa -in keyRC4-40.pem -rc4-40 -out RC4-40.pem
this was supposed to encrypt that RSA key using RC4-40 algorithm and supplied passphrase
(there is no rc4-40 in list of available key encryption algorithms, but it seems to work)
req -new -x509 -key RC4-40.pem -out carc4-40.crt
tried to generate a self signed (RSA) certificate
I repeated these steps and everything worked as expected.
Did you supply correct passphrase at req (when requested)?
Without passphrase it cannot load private key.
(512 bit RSA keys are insecure)
Choice of ciphersuite depends on server and client configuration, just
certificate with RSA key will work with RSA, DH-RSA and ECDH-RSA ciphersuites;
certificate with ECDSA key will work with ECDHE ciphersuites.
Hello
I try to make ca signature about following case.
1. Kx=DH, ECDH
2. Au=ECDSA
3. Enc=DES(56),3DES(168),RC4(40), rc4(128)For example I would like to know following cipher zuite.
EDH-RSA-DES-CBC3-SHA
ECDHE-ECDSA-AES256-SHA
RC4-MD5
EXP-DES-CBS-SHABut I can not find the way.
For example, I tried following to make rc4 ca signature but I got errors.
OpenSSL> genrsa -out keyRC4-40.pem
Loading 'screen' into random state - done
Generating RSA private key, 512 bit long modulus
.........++++++++++++
.....++++++++++++
e is 65537 (0x10001)
OpenSSL> rsa -in keyRC4-40.pem -rc4-40 -out RC4-40.pem
writing RSA key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
OpenSSL> req -new -x509 -key RC4-40.pem -out carc4-40.crtEnter pass phrase for RC4-40.pem:
unable to load Private Key
4204:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:.\crypto\asn1\asn1_lib.c:150:
4204:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:.\crypto\asn1\tasn_dec.c:1306:
4204:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:381:Type=RSA
4204:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:.\crypto\rsa\rsa_ameth.c:115:
4204:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:.\crypto\asn1\asn1_lib.c:150:
4204:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:.\crypto\asn1\tasn_dec.c:1306:
4204:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:381:Type=PKCS8_PRIV_KEY_INFO
4204:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\pem_pkey.c:132:
error in reqWould you teach me the correct process ?
Thanks
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
