
unable to generate ed25519ph certificate

Open sinu opened this issue 2 years ago • 3 comments

Hi all

I am facing an issue generating an ed25519ph certificate. I am able to generate a certificate with ED25519. Can you guide me on the syntax to generate ed25519ph?

botan keygen --algo=Ed25519 --params=Ed25519ph > server_key.pem

botan sign_cert ca_cert.pem ca_key.pem server_csr.pem --hash=SHA-512 > server_cert.pem

openssl x509 -in server_cert.pem -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a7:da:1c:8a:53:0b:de:ef:87:b7:34:04:bd:91:71:19
        Signature Algorithm: ED25519
        Issuer: CN = my_root_authority
        Validity
            Not Before: Aug  7 18:28:58 2021 GMT
            Not After : Aug  7 18:28:58 2022 GMT
        Subject: CN = localhost
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    7d:13:7f:33:62:2d:29:e5:b8:71:d9:ef:01:eb:10:
                    7c:a4:74:0b:8c:cf:e4:a8:96:15:0e:a6:c4:ae:14:
                    c9:71
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:0C:17:B9:9A:7E:CF:33:8C:0F:2C:F6:E7:D1:73:37:DF:24:8C:4A:8E:FE:7C:8D
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                62:EE:CD:6D:79:81:34:82:95:B2:45:28:75:51:21:AE:45:73:FB:EB:C2:D7:EF:2B
    Signature Algorithm: ED25519
    Signature Value:
        77:17:5e:c6:a6:34:e5:7b:ae:48:26:b8:3b:8b:5d:8c:e2:6f:
        f3:a0:f1:3e:5f:88:bc:bc:5d:ee:8d:fb:3e:38:cf:25:47:1a:
        10:22:3c:b5:d7:0f:8c:fc:33:e4:18:d5:36:ec:f6:94:1f:38:
        ee:c9:24:0b:3b:d4:09:4b:e9:06

sinu, Aug 07 '21 18:08

How would an Ed25519ph certificate differ from a regular Ed25519 cert? I'm not aware of any parameters or OIDs that would indicate prehash operation.

randombit, Aug 08 '21 11:08

@randombit please see https://datatracker.ietf.org/doc/html/draft-ietf-curdle-pkix-00#section-11.3 https://datatracker.ietf.org/doc/html/draft-ietf-curdle-pkix-00#section-11.2

OID

    id-Curve25519 OBJECT IDENTIFIER ::= { 1.3.101.110 }
    id-Curve448 OBJECT IDENTIFIER ::= { 1.3.101.111 }
    id-Curve25519ph OBJECT IDENTIFIER ::= { 1.3.101.112 }
    id-Curve448ph OBJECT IDENTIFIER ::= { 1.3.101.113 }

sinu, Aug 08 '21 13:08

Those parameters do not appear in the final RFC https://datatracker.ietf.org/doc/html/rfc8410

randombit, Aug 09 '21 12:08
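
Added example, not part of the thread and not Botan's code: a small Python decoder for a certificate's AlgorithmIdentifier. It shows that OID 1.3.101.112, which the draft-00 text quoted above calls id-Curve25519ph, is id-Ed25519 in RFC 8410 and is encoded with no parameters field, so the certificate has no place to mark a prehash variant. The function names and sample bytes are constructed for illustration.

```python
# Names for the 1.3.101.* arc: final RFC 8410 vs. the draft-00 names quoted in the thread.
RFC8410 = {"1.3.101.110": "id-X25519", "1.3.101.111": "id-X448",
           "1.3.101.112": "id-Ed25519", "1.3.101.113": "id-Ed448"}
DRAFT00 = {"1.3.101.110": "id-Curve25519", "1.3.101.111": "id-Curve448",
           "1.3.101.112": "id-Curve25519ph", "1.3.101.113": "id-Curve448ph"}

# Constructed samples: DER AlgorithmIdentifier for Ed25519, and for
# sha256WithRSAEncryption (which carries an explicit NULL parameter) as contrast.
ED25519_ALG_ID = bytes.fromhex("300506032b6570")
RSA_SHA256_ALG_ID = bytes.fromhex("300d06092a864886f70d01010b0500")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted form."""
    subids, value = [], 0
    for byte in body:                      # base-128, high bit = continuation
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(value)
            value = 0
    first = subids[0]                      # first two arcs share one subidentifier
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + subids[1:])

def describe_algorithm_identifier(der):
    """Parse SEQUENCE { OID, parameters OPTIONAL } and name the OID both ways."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid_body, pos = read_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("first element must be an OBJECT IDENTIFIER")
    oid = decode_oid(oid_body)
    # RFC 8410 section 3: for the 1.3.101.* algorithms, parameters MUST be absent.
    return {"oid": oid, "rfc8410": RFC8410.get(oid), "draft00": DRAFT00.get(oid),
            "has_parameters": pos < len(seq)}

if __name__ == "__main__":
    print(describe_algorithm_identifier(ED25519_ALG_ID))
    print(describe_algorithm_identifier(RSA_SHA256_ALG_ID))
```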