On Mon, Jun 07, 2010, Davi Tozoni wrote:

> Hello,
> 
> I was experimenting with OpenSSL 1.0.0 and I needed to create a request that must
> be signed with Whirlpool hash algorithm. However, when I used the command:
> 
>  openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem
> 
> It didn't work. The error message was:
> 3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong
> public key type:p_sign.c:125:
> 3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
> lib:a_sign.c:279:
> 
> I wish to know if the fact that whirlpool can't work for x509 requests is a
> decision of the openssl developers or if there is another reason. Perhaps I am
> not using it correctly.
> 
> PS: I am trying to hack the openssl source code to find where I could include
> changes that would allow the use of whirlpool. Do you have any hints?
> 

In order to use a digest for signature purposes it has to have an appropriate
object identifier (OID) defined, for example sha1WithRSAEncryption for SHA1
and RSA. You can't just make one up; it has to be standardised. There is no OID
in OpenSSL corresponding to whirlpool with RSA, and you get that error as a
result.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
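
An added example, not part of the original thread and not OpenSSL code: the signatureAlgorithm field of a certificate request holds a single OID that names the digest and the key type together, which is why a digest with no standardised combined OID cannot be used. The function names and the small OID table are assumptions made for this illustration; the OID values are the published PKCS #1 and ANSI X9.62 ones.

```python
# Added illustration; the table is a small constructed subset, not OpenSSL's.
# Standardised signature OIDs, keyed by (digest, key type).
SIGNATURE_OIDS = {
    ("sha1", "rsa"): ("sha1WithRSAEncryption", "1.2.840.113549.1.1.5"),
    ("sha256", "rsa"): ("sha256WithRSAEncryption", "1.2.840.113549.1.1.11"),
    ("sha256", "ec"): ("ecdsa-with-SHA256", "1.2.840.10045.4.3.2"),
}
# Key types whose AlgorithmIdentifier carries an explicit NULL parameter.
NULL_PARAMS = {"rsa"}


def der_len(n):
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_oid(dotted):
    """DER-encode a dotted OID string as an OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    body = bytearray()
    # The first two arcs share one value; every arc is base-128, high bit = "more".
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return b"\x06" + der_len(len(body)) + bytes(body)


def signature_algorithm(digest, key_type):
    """Return (name, DER AlgorithmIdentifier) for a digest/key pair."""
    try:
        name, oid = SIGNATURE_OIDS[(digest, key_type)]
    except KeyError:
        raise LookupError(
            "no standardised signature OID for %s with %s" % (digest, key_type)
        ) from None
    params = b"\x05\x00" if key_type in NULL_PARAMS else b""
    body = der_oid(oid) + params
    return name, b"\x30" + der_len(len(body)) + body
```
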
