The key itself is good. Its encoding in the CSR isn't.
Looks like the public key was X9.62 encoded in its uncompressed form (i.e.
start with a 04 octet, and then the octets composing the x and y coordinates),
and then wrapped into an ASN.1 OCTET STRING (i.e. use the 04 tag, plus a 0x41
length, a
The key is generated by a lovely HSM - which is by its nature a bit of a closed
box. Whose vendor is very sure its software is right.
So this helps a lot - and helps confirm what we thought !
Thanks,
Dw
> On 8 Aug 2020, at 04:16, Frank Migge wrote:
>
> Hi Dirk-Willem,
>
> Something is wrong
Hi Dirk-Willem,
Something is wrong with your EC key. The error mentions that it can't
get the curve points from the key data. How did you generate the key?
If it helps, here is a working CSR example, using a prime256v1 key for
comparison:
-BEGIN CERTIFICATE REQUEST-
MIIBDjCBtAIBADArMQswC
Below CSR gives me an odd error with the standard openssl REQ command:
openssl req -inform DER -noout -pubkey
Error getting public key
140673482679616:error:10067066:elliptic curve
routines:ec_GFp_simple_oct2point:invalid encoding:../crypto/ec/ecp_oct.c:312:
1406
