This is connected to the Trustworthy Multipurpose Remote IDs
([email protected])
Right now I am working on what a eddsa pki would be that would back up
the proposed HHITs and various repositories. For this I want to
generate some testing HHITs.
These HHITs will be used in x.509 certs as in rfc 8002, but also as
subjectName in the signing cert. This causes some challenges as to how
to present an IPv6 value in subjectName (this is a separate question
from this missive).
I will use openssl from my draft-moskowitz-eddsa-pki and HHIT format
from draft-moskowitz-hierarchical-hip (sec 4).
Note about current HHIT draft and sec 4. When I did this, I was using
ecdsa. The revised version of this draft (soon to be published) uses
eddsa and I am a bit unsure as to what hash I will recommend. But for
this stage, use ed25519/sha256.
I make the ed25519 keypair with:
openssl genpkey -aes256 -algorithm ed25519 -outform pem -out
entity.key.pem
Note the keypair is encrypted; it contains the private key. This can be
viewed with:
openssl pkey -inform pem -in entity.key.pem -text -noout
The public key can be extracted in DER format with:
openssl pkey -in entity.key.pem -out entity.pub.der -outform DER
-pubout
For the HHIT:
HIT SUITE ID = 4
RAA = 10
HDA = 20
It would be great to have this as a python or perl script. That way I
may learn something along the way.
Inputs are:
key file name
key password
HIT Suite ID
RRA
HDA
Output should be:
the HHIT in 128bit binary to some file
the HHIT in ipv6 : display format
Thanks on any help.
Bob
_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec
