On 07/16/2011 06:50 AM, [email protected] wrote:
> openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt
> WARNING: can't open config file: /usr/local/ssl/openssl.cnf
> Error setting context
My premise is that we are considering only OpenSSL v 1.0.0. Under this
condition, as I wrote in the first post, I do something like:
# generate EC private key for curve sect571k1, no point compression
# (to enable point compression, use "-conv_form compressed" )
openssl ecparam -out cakey.pem -name sect571k1 -text -genkey
# generate EC certificate with the above private key with SHA512
# (note that the -sha512 arg has no effect if using v0.9.8, it
# will use SHA-1 instead)
openssl req -out cacert.pem -key cakey.pem -sha512 -x509 -new
# check that everything is OK
openssl x509 -text -in cacert.pem
Certificate:
...
*Signature Algorithm: ecdsa-with-SHA512*
Issuer:
...
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
02:3A:...
ASN1 OID: sect571k1
X509v3 extensions:
...
*Signature Algorithm: ecdsa-with-SHA512*
20:89:...
-----BEGIN CERTIFICATE-----
MIJ...
...
ASd45g==
-----END CERTIFICATE-----
Any wrongdoing up to here?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
