On Tue, Mar 4, 2014 at 2:00 PM, Dave Thompson <[email protected]> wrote:
>> From: [email protected] On Behalf Of Jeffrey Walton
>> Sent: Tuesday, March 04, 2014 12:34
>> ...
>
> but that reminds me: does your ECDSA cert have the publickey in
> named=OID format, NOT explicit (prime + coefficients + point + order etc.)?
>
> If your real client, like openssl, only offers named curves not explicit,
> a cert containing an explicit key cannot be selected, even if the explicit
> parameters are actually the parameters for a name-able curve.
>

If that's the case, then that's probably it. Below is a sample.

I've been using PEM_write_PKCS8PrivateKey and PEM_write_X509. What
does one use to write the named curve?

Thanks for the help.

$ openssl x509 -in server-ecdsa-cert.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2718864780398442230 (0x25bb591cd3f836f6)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, O=Example, LLC, CN=Example, LLC Certification Authority
Validity
Not Before: Mar 3 00:00:00 2014 GMT
Not After : Mar 12 00:00:00 2014 GMT
Subject: O=Example, LLC/[email protected],
CN=Example, LLC Proxy Certificate
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:0e:2d:72:28:74:9f:0c:88:e4:25:a3:d4:09:1e:
e6:7a:d0:97:89:ed:a4:8d:97:a7:56:aa:63:9d:ee:
94:a1:dd:2d:67:91:8a:88:1f:f9:ba:c3:22:1d:11:
c6:8a:7e:a6:72:57:37:cf:dd:fc:eb:01:ca:5a:32:
55:5e:99:da:1c
Field Type: prime-field
Prime:
00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff
A:
00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:fc
B:
5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
60:4b
Generator (uncompressed):
04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
68:37:bf:51:f5
Order:
00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
63:25:51
Cofactor: 1 (0x1)
Seed:
c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
b7:81:9f:7e:90
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:debian-q500
X509v3 Subject Alternative Name:
DNS:localhost
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement
Netscape Comment:
Powered by OpenSSL
X509v3 Subject Key Identifier:
6A:12:D9:BD:F1:C1:33:A8:68:C9:9C:F6:51:99:3F:49:1E:5C:BF:DA
X509v3 Authority Key Identifier:
keyid:BD:84:4D:C6:A7:22:72:E9:91:08:4E:FA:50:5C:12:73:22:3A:02:7E
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:7d:0d:5b:9f:7a:68:c5:a7:4f:37:f1:2b:43:5b:
c7:77:bb:c6:6d:cd:2d:cf:78:dc:bd:13:2e:f8:16:72:9e:bc:
02:20:68:d5:71:45:48:b6:01:23:0a:87:e1:96:ff:8d:1d:c9:
5d:d0:62:ce:5d:ba:ce:c2:fa:73:29:d4:0d:c8:f1:1c
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
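
Added example, not part of the original message or of OpenSSL: a Python check that reads `openssl x509 -text` output like the dump above and reports whether the EC key is encoded as a named curve or with explicit parameters, and whether an explicit prime is in fact P-256's. The function names and the named-curve sample are constructed for illustration; the explicit sample is trimmed from the dump in the message.

```python
import re

# Field prime of NIST P-256 / prime256v1 (public constant).
P256_PRIME = 2**256 - 2**224 + 2**192 + 2**96 - 1
HEX_LINE = re.compile(r"(?:[0-9a-f]{2}:)*[0-9a-f]{2}:?")

# Trimmed from the dump in the message (explicit parameters).
EXPLICIT_SAMPLE = """\
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
"""
# Constructed sample: the named-curve form of the same section.
NAMED_SAMPLE = """\
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
ASN1 OID: prime256v1
NIST CURVE: P-256
"""

def hex_block(lines, start):
    """Join the colon-separated hex lines that follow lines[start]."""
    out = []
    for line in lines[start + 1:]:
        if not HEX_LINE.fullmatch(line.strip()):
            break
        out.append(line.strip().replace(":", ""))
    return "".join(out)

def classify_ec_params(text):
    """Return (encoding, curve) for `openssl x509 -text` output."""
    lines = [l.strip() for l in text.splitlines()]
    if not any("id-ecPublicKey" in l for l in lines):
        return ("not-ec", None)
    for i, line in enumerate(lines):
        if line.startswith("ASN1 OID:"):
            return ("named", line.split(":", 1)[1].strip())
        if line.startswith("Prime:"):
            digits = hex_block(lines, i)
            match = digits and int(digits, 16) == P256_PRIME
            return ("explicit", "prime256v1" if match else None)
    # Explicit binary-field curves print "Polynomial:" instead of "Prime:".
    explicit = any(l.startswith("Field Type:") for l in lines)
    return ("explicit", None) if explicit else ("unknown", None)
```

A result of ("explicit", "prime256v1") is the situation described in the quoted reply: the parameters are those of a nameable curve, but the key is not encoded by name. In the OpenSSL C API the encoding is selected with EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE) before the key and certificate are written.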