FYI, ECC was added to Windows VISTA.

Ryan Hurst

Sent from my phone, please forgive the brevity.

On Jan 30, 2013, at 5:51 AM, "Dr. Stephen Henson" <st...@openssl.org> wrote:

> On Wed, Jan 30, 2013, cellecial wrote:
>
>> Hi,
>>
>> I write some code to generate an ECC certificate, it works partly.
>> The certificate can be parsed by IE but prompt "signature corrupt".
>
> Are you sure that version of Windows supports ECC certificates?
>
>> So I dump the cert using X509_print_fp(), here is the information:
>>
>> /*=============================================*/
>> Certificate:
>>     Data:
>>         Version: 1 (0x0)
>>         Serial Number: 0 (0x0)
>>     Signature Algorithm: ecdsa-with-SHA1
>>         Issuer: C=AU, ST=SS, L=LL, O=LONG, OU=DEV,
>> CN=CA/emailAddress=ad...@long.com
>>         Validity
>>             Not Before: Jan 29 07:39:02 2013 GMT
>>             Not After : Jan 29 07:39:02 2014 GMT
>>         Subject: C=AU, ST=SS, L=LL, O=LONG, OU=DEV,
>> CN=CA/emailAddress=ad...@long.com
>>         Subject Public Key Info:
>>             Public Key Algorithm: id-ecPublicKey
>>                 Public-Key: (256 bit)
>>                 pub:
>>                     04:c6:f8:32:9a:99:ff:8f:66:f4:05:57:33:86:b1:
>>                     6d:18:2b:71:38:35:67:f9:37:b6:3b:e7:fc:26:dc:
>>                     9b:bc:40:76:64:53:ef:b4:1d:18:24:79:bc:93:ab:
>>                     2f:5d:50:4c:63:fb:e6:4c:d5:2e:44:8b:f2:05:e9:
>>                     4c:ca:4c:3d:49
>>                 Field Type: prime-field
>>                 Prime:
>>                     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
>>                     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
>>                     ff:ff:ff
>>                 A:
>>                     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
>>                     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
>>                     ff:ff:fc
>>                 B:
>>                     5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
>>                     bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
>>                     60:4b
>>                 Generator (uncompressed):
>>                     04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
>>                     40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
>>                     98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
>>                     7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
>>                     68:37:bf:51:f5
>>                 Order:
>>                     00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
>>                     ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
>>                     63:25:51
>>                 Cofactor: 1 (0x1)
>>                 Seed:
>>                     c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
>>                     b7:81:9f:7e:90
>>     Signature Algorithm: ecdsa-with-SHA1
>>         30:45:02:20:1f:7a:53:12:6f:7f:79:f8:8a:f8:15:dd:f0:3a:
>>         b4:cd:4e:46:1d:f3:bd:89:53:33:88:ab:c6:dc:7f:d8:4b:33:
>>         02:21:00:ca:87:43:6b:35:8f:44:db:ee:56:2a:52:4a:86:8c:
>>         f4:14:b3:ae:71:49:e5:1f:94:67:a5:2a:e2:c9:27:22:90
>>
>> /*=============================================*/
>> As you can see, there are some extra info in "Public Key Info" section.
>> I thought I know the reason, here is my origin code snippet:
>
> That extra info is the default way the EC key is currently encoded by OpenSSL:
> explicitly giving all the EC curve details.
>
> If you want it to just use the curve name instead you have to call:
>
>     EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org