On Thu, Jun 30, 2016 at 5:11 PM, Matt Caswell wrote:
>
>
> On 30/06/16 16:54, Salz, Rich wrote:
> >> Since X25519 is not the first "encrypt-only" algorithm in the
> >> OpenSSL universe, how was requesting certificates handled for
> >> such algorithms in the past?
> >
> > It wasn't.
> >
> >> For e
The solution should then be to modify apps/ca.c:certify() function to add
> an arg, and avoid the call to X509_REQ_verify when desired.
>
> Cordialement,
> Erwann Abalea
>
> Le 29 juin 2016 à 19:17, Michael Scott a écrit :
>
> Thanks Erwann, but that's not an answer
On Wed, Jun 29, 2016 at 6:21 PM, Salz, Rich wrote:
>
> > To repeat: X25519 only supports key exchange. The 25519 signing
> > mechanism is not yet defined.
>
Which I don't have a problem with.
But surely the openssl command line tool should provide a mechanism for
allowing an X25519-based certi
ue is defined, so it can
>be enclosed into cert.signatureValue
>
>
> All this is being discussed at CFRG.
>
> Cordialement,
> Erwann Abalea
>
> Le 29 juin 2016 à 16:46, Michael Scott a écrit :
>
> Hello,
>
>
> How do I do this? Using the OpenSSL command lin
WellI can help with CFRG - its Crypto Forum Research Group.
Mike
On Wed, Jun 29, 2016 at 4:10 PM, Jakob Bohm wrote:
> On 29/06/2016 16:53, Salz, Rich wrote:
>
>> How do I do this? Using the OpenSSL command line tool, a certificate
>>> request must be self-signed, but the X25519 elliptic curve
Hello,
How do I do this? Using the OpenSSL command line tool, a certificate
request must be self-signed, but the X25519 elliptic curve (newly supported
in version 1.1.0), doesn't do signature, it can only be used for key
exchange.
(Of course the X25519 Montgomery curve is birationally equivalent
