On Tue, Mar 4, 2014 at 2:00 PM, Dave Thompson <dthomp...@prinpay.com> wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
>> Sent: Tuesday, March 04, 2014 12:34
>> ...
>
> but that reminds me: does your ECDSA cert have the publickey in
> named=OID format, NOT explicit (prime + coefficients + point + order etc.)?
>
> If your real client, like openssl, only offers named curves not explicit,
> a cert containing an explicit key cannot be selected, even if the explicit
> parameters are actually the parameters for a name-able curve.
>
If that's the case, then that's probably it. Below is a sample.

I've been using PEM_write_PKCS8PrivateKey and PEM_write_X509. What
does one use to write the named curve?

Thanks for the help.

$ openssl x509 -in server-ecdsa-cert.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2718864780398442230 (0x25bb591cd3f836f6)
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, O=Example, LLC, CN=Example, LLC Certification Authority
        Validity
            Not Before: Mar 3 00:00:00 2014 GMT
            Not After : Mar 12 00:00:00 2014 GMT
        Subject: O=Example, LLC/emailAddress=supp...@example.com, CN=Example, LLC Proxy Certificate
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:0e:2d:72:28:74:9f:0c:88:e4:25:a3:d4:09:1e:
                    e6:7a:d0:97:89:ed:a4:8d:97:a7:56:aa:63:9d:ee:
                    94:a1:dd:2d:67:91:8a:88:1f:f9:ba:c3:22:1d:11:
                    c6:8a:7e:a6:72:57:37:cf:dd:fc:eb:01:ca:5a:32:
                    55:5e:99:da:1c
                Field Type: prime-field
                Prime:
                    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                    ff:ff:ff
                A:
                    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                    ff:ff:fc
                B:
                    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
                    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
                    60:4b
                Generator (uncompressed):
                    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
                    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
                    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
                    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
                    68:37:bf:51:f5
                Order:
                    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
                    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
                    63:25:51
                Cofactor: 1 (0x1)
                Seed:
                    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
                    b7:81:9f:7e:90
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:debian-q500
            X509v3 Subject Alternative Name:
                DNS:localhost
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment, Key Agreement
            Netscape Comment:
                Powered by OpenSSL
            X509v3 Subject Key Identifier:
                6A:12:D9:BD:F1:C1:33:A8:68:C9:9C:F6:51:99:3F:49:1E:5C:BF:DA
            X509v3 Authority Key Identifier:
                keyid:BD:84:4D:C6:A7:22:72:E9:91:08:4E:FA:50:5C:12:73:22:3A:02:7E
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:7d:0d:5b:9f:7a:68:c5:a7:4f:37:f1:2b:43:5b:
         c7:77:bb:c6:6d:cd:2d:cf:78:dc:bd:13:2e:f8:16:72:9e:bc:
         02:20:68:d5:71:45:48:b6:01:23:0a:87:e1:96:ff:8d:1d:c9:
         5d:d0:62:ce:5d:ba:ce:c2:fa:73:29:d4:0d:c8:f1:1c
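
A check for the named-versus-explicit condition discussed in this message, as an added example (not code from the thread or from OpenSSL): it walks a certificate's DER to the SubjectPublicKeyInfo and reports which ECParameters choice (RFC 5480) the key uses. The function names and both sample certificates are constructed for illustration; the samples are unsigned skeletons, not real certificates.

```python
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")       # OID 1.2.840.10045.3.1.7
CHOICES = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}  # tag of ECParameters

def children(value):
    """Split DER contents into a list of (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated DER header")
        tag, length = value[pos], value[pos + 1]
        pos += 2
        if length & 0x80:                     # long form: low 7 bits count the length octets
            n = length & 0x7F
            if n == 0 or pos + n > len(value):
                raise ValueError("bad DER length")
            length = int.from_bytes(value[pos:pos + n], "big")
            pos += n
        if pos + length > len(value):
            raise ValueError("truncated DER element")
        out.append((tag, value[pos:pos + length]))
        pos += length
    return out

def cert_ec_param_encoding(cert_der):
    """Return 'named', 'explicit' or 'implicit' for an EC certificate in DER form."""
    tbs = children(children(cert_der)[0][1])[0][1]    # Certificate -> tbsCertificate
    fields = children(tbs)
    if fields[0][0] == 0xA0:                          # optional [0] version
        fields = fields[1:]
    spki = children(fields[5][1])      # follows serial, sigalg, issuer, validity, subject
    alg = children(spki[0][1])                        # AlgorithmIdentifier
    if len(alg) < 2 or alg[0] != (0x06, ID_EC_PUBLIC_KEY):
        raise ValueError("not an id-ecPublicKey key with parameters")
    return CHOICES.get(alg[1][0], "unknown")

def der(tag, *parts):  # DER encoder used only to build the constructed samples
    body = b"".join(parts)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_cert(params):
    """Constructed skeleton certificate: well-formed DER, empty names, placeholder key."""
    spki = der(0x30, der(0x30, der(0x06, ID_EC_PUBLIC_KEY), params), der(0x03, b"\x00\x04" + bytes(64)))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), der(0x30), der(0x30), der(0x30), der(0x30), spki)
    return der(0x30, tbs, der(0x30), der(0x03, b"\x00"))

NAMED = sample_cert(der(0x06, PRIME256V1))
EXPLICIT = sample_cert(der(0x30, der(0x02, b"\x01"), der(0x04, bytes(200))))  # stub SpecifiedECDomain
```

For a PEM file, convert it first with `ssl.PEM_cert_to_DER_cert` from the Python standard library. With OpenSSL's C API the encoding is selected by calling `EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE)` before the key or certificate is written.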