Discussion:
ECC Certificate Signing Request
Sverre Moe
2014-05-28 07:47:35 UTC
When creating a ECC Certificate Signing Request I noticed the CSR from
OpenSSL was quite different from the one I generated with Java Keytool.

Checking the CSRs with: openssl req -in ecc.csr -text -noout

OpenSSL CSR has the following attributes:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
Field Type: prime-field
Prime:
A:
B:
Generator (uncompressed):
Order:
Cofactor: 1 (0x1)
Seed:
Attributes:
a0:00
Signature Algorithm: ecdsa-with-SHA384

While the Keytool CSR has the following attributes:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
ASN1 OID: secp521r1
Attributes:
Requested Extensions:
X509v3 Subject Key Identifier:
Signature Algorithm: ecdsa-with-SHA384


Does that mean OpenSSL is better suited for creating an ECC CSR? What are the
extra attributes that come with the OpenSSL CSR? Also, Keytool has
Requested Extensions, which OpenSSL doesn't.
Matt Caswell
2014-05-28 08:45:31 UTC
Post by Sverre Moe
When creating a ECC Certificate Signing Request I noticed the CSR from
OpenSSL was quite different from the one I generated with Java Keytool.
Checking the CSRs with: openssl req -in ecc.csr -text -noout
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
Field Type: prime-field
Cofactor: 1 (0x1)
a0:00
Signature Algorithm: ecdsa-with-SHA384
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
ASN1 OID: secp521r1
Signature Algorithm: ecdsa-with-SHA384
Does that mean OpenSSL is better suited for creating ECC CSR? What are the
extra attributes for that comes with OpenSSL CSR? Also Keytool has Requested
Extensions which OpenSSL doesn't.
How did you generate your key with openssl?

You are using explicit curve parameters rather than a named curve. The
keytool version just names the curve secp521r1. This is a well known curve,
with a well defined set of parameters associated with it (and
therefore they don't need to be listed). The openssl version is not
using a named curve and is explicitly listing out the set of
parameters associated with the curve it's using.

Normally you would use named curves. So for example if I type:

openssl ecparam -name secp256k1 -genkey -noout -out secp256-key.pem

openssl req -out secp256.csr -key secp256-key.pem -new

openssl req -in secp256.csr -text -noout

Then I get:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:fc:c0:6f:68:13:ce:bf:23:f7:51:65:b2:e5:35:
d1:39:1b:38:6a:3e:11:7a:07:02:06:97:56:f7:a4:
b2:24:f7:a8:73:34:e5:bf:8d:b3:8a:95:71:c5:a5:
4f:b0:54:a4:d7:9f:55:4a:b2:81:10:6c:60:4b:05:
77:3b:63:f2:aa
ASN1 OID: secp256k1
Attributes:
a0:00
Signature Algorithm: ecdsa-with-SHA1
30:46:02:21:00:fc:89:36:23:68:ed:e5:96:a6:ec:96:2a:20:
bf:45:be:ae:d0:81:f2:f8:f3:91:31:6e:ca:13:cf:8f:b2:84:
9d:02:21:00:f5:ed:e3:72:83:30:0a:f1:8c:80:7e:d9:e0:e5:
fc:a6:fc:35:c0:7f:73:60:ea:c9:76:f4:5a:6a:bf:70:b5:1f

Whereas if I generate my key with

openssl ecparam -name secp256k1 -genkey -noout -out secp256-key.pem -param_enc explicit

Then I get a csr which looks more like your one.

Matt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
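Worked example (added for this archive; it is not code from the thread or from the OpenSSL project): a POSIX shell script that generates a secp521r1 key both ways, builds a CSR from each, and classifies any EC private key, CSR or certificate as "named" or "explicit" from the same text dump the messages above compare. It also rewrites an explicit-parameter key so that it names the curve, which saves regenerating the key. The file names, function names and the subject /CN=ecc-example are made up for the example; the script assumes only the openssl command-line tool, and the to_named_curve step assumes OpenSSL 1.1.1 or later, which recognises explicit parameters that match a built-in curve when it loads the key.

```sh
#!/bin/sh
# Added example, not from the thread. Reproduces the two CSR shapes discussed
# above and tells them apart mechanically. Assumes only the openssl CLI
# (1.1.1 or later for the conversion in to_named_curve).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# gen_ec_key CURVE named|explicit OUTFILE
# "named" stores just the curve OID (e.g. secp521r1); "explicit" stores the
# full prime/A/B/generator/order/cofactor set, which is what -param_enc explicit does.
gen_ec_key() {
    curve=$1; enc=$2; out=$3
    case "$enc" in
        named)    openssl ecparam -name "$curve" -genkey -noout -out "$out" ;;
        explicit) openssl ecparam -name "$curve" -genkey -noout -param_enc explicit -out "$out" ;;
        *) echo "gen_ec_key: encoding must be named or explicit" >&2; return 2 ;;
    esac
}

# make_csr KEYFILE CSRFILE: CSR signed with ECDSA/SHA-384; fixed subject so req never prompts.
make_csr() {
    openssl req -new -key "$1" -sha384 -subj "/CN=ecc-example" -out "$2"
}

# ec_param_encoding FILE: prints "named" or "explicit" for an EC private key, CSR or
# certificate. A named curve shows up in the text dump as "ASN1 OID: <curve>"; explicit
# parameters show "Field Type: prime-field" followed by the raw domain parameters.
ec_param_encoding() {
    if grep -q 'BEGIN CERTIFICATE REQUEST' "$1"; then
        dump=$(openssl req -in "$1" -noout -text)
    elif grep -q 'BEGIN CERTIFICATE' "$1"; then
        dump=$(openssl x509 -in "$1" -noout -text)
    else
        dump=$(openssl pkey -in "$1" -noout -text)
    fi
    if printf '%s\n' "$dump" | grep -q 'ASN1 OID:'; then
        echo named
    elif printf '%s\n' "$dump" | grep -q 'Field Type:'; then
        echo explicit
    else
        echo unknown; return 1
    fi
}

# to_named_curve IN OUT: rewrite a key whose parameters were stored explicitly so that it
# names the curve instead. Only works when the explicit parameters match a built-in curve,
# which OpenSSL checks for on load (assumption: OpenSSL 1.1.1 or later).
to_named_curve() {
    openssl ec -in "$1" -param_enc named_curve -out "$2" 2>/dev/null
}

# Demonstration: same curve, two encodings, then repair the explicit one.
gen_ec_key secp521r1 named    "$WORK/named.key"
gen_ec_key secp521r1 explicit "$WORK/explicit.key"
make_csr "$WORK/named.key"    "$WORK/named.csr"
make_csr "$WORK/explicit.key" "$WORK/explicit.csr"
to_named_curve "$WORK/explicit.key" "$WORK/fixed.key"

for f in named.key explicit.key named.csr explicit.csr fixed.key; do
    printf '%-13s %s\n' "$f" "$(ec_param_encoding "$WORK/$f")"
done
```

The classification reads the same "ASN1 OID:" versus "Field Type: prime-field" lines the original poster saw, so it works on CSRs you receive from others as well as on keys you generate; a CSR made from the repaired key comes out "named" like the keytool one.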
Sverre Moe
2014-05-28 10:06:39 UTC
I used the following openssl command for my ECC private key and CSR.
openssl ecparam -name secp521r1 -genkey -param_enc explicit -out private-key.pem
openssl req -new -key private-key.pem -nodes -sha384 -out ecc_clientReq.csr

So what is the point of this switch?
-param_enc explicit
Can't find any information about this on
https://www.openssl.org/docs/apps/req.html

Using Java keytool:
keytool -genkeypair -alias tomcat -keyalg EC -keysize 521 -validity 730 -keystore .keystore
keytool -certreq -alias kspt -file ecc_clientReq.csr -keystore .keystore
Keytool maps the keysize to the named curve. In this case it's secp521r1.


While we are on the subject of ECC: could my ECC certificate work with
browsers that only support RSA authentication, like TLS_ECDHE_RSA or
TLS_DHE_RSA?
Matt Caswell
2014-05-28 10:32:43 UTC
Post by Sverre Moe
I used the following openssl command for my ECC private key and CSR.
openssl ecparam -name secp521r1 -genkey -param_enc explicit -out private-key.pem
openssl req -new -key private-key.pem -nodes -sha384 -out ecc_clientReq.csr
So what is the point of this switch?
-param_enc explicit
Can't find any information about this on
https://www.openssl.org/docs/apps/req.html
Well, as it's a switch for ecparam not req, it's not documented on the req page! :-)

It is documented here:

http://www.openssl.org/docs/apps/ecparam.html

I suggest you do not use it, and go with the default of named curves.
In most circumstances that is what you really want. In theory you can
use your own custom curve, in which case you would have to use
explicit parameters. But in practice no one really does that -
everyone just uses standard named curves.
Post by Sverre Moe
keytool -genkeypair -alias tomcat -keyalg EC -keysize 521 -validity 730 -keystore .keystore
keytool -certreq -alias kspt -file ecc_clientReq.csr -keystore .keystore
Keytool maps the keysize to the named curve. In this case it's secp521r1.
While we are on the subject of ECC: could my ECC certificate work with
browsers that only support RSA authentication, like TLS_ECDHE_RSA or
TLS_DHE_RSA?
No. You will need an RSA certificate for this.

Matt
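Worked example (added for this archive; not code from the thread or from the OpenSSL project) for the question just answered: given a certificate, report its public-key type and list the cipher suites that certificate can authenticate, so you can see that a server holding only an ECDSA certificate cannot offer any ECDHE-RSA or DHE-RSA suite. The script assumes only the openssl command-line tool; the two throwaway self-signed certificates, the file names, the function names and the subjects /CN=ecc-example and /CN=rsa-example are made up for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Maps a certificate's key type to the
# cipher suites an OpenSSL build could negotiate with it. Assumes only the
# openssl CLI; the certificates are self-signed throwaways created below.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# cert_key_type CERT: prints EC or RSA, read from the SubjectPublicKeyInfo algorithm.
cert_key_type() {
    alg=$(openssl x509 -in "$1" -noout -text | sed -n 's/.*Public Key Algorithm: //p' | head -n 1)
    case "$alg" in
        id-ecPublicKey) echo EC ;;
        rsaEncryption)  echo RSA ;;
        *) echo "cert_key_type: unsupported key algorithm '$alg'" >&2; return 1 ;;
    esac
}

# suites_for_cert CERT: cipher suites this OpenSSL build could use with that certificate.
# "openssl ciphers -v" prints an Au= column naming the authentication algorithm: ECDSA
# suites need an EC certificate, RSA suites an RSA certificate, and the TLS 1.3 suites
# (Au=any) work with either. A client that only offers Au=RSA suites therefore never
# matches an ECDSA-only server.
suites_for_cert() {
    kt=$(cert_key_type "$1") || return 1
    case "$kt" in
        EC)  au=Au=ECDSA ;;
        RSA) au=Au=RSA ;;
    esac
    openssl ciphers -v ALL | awk -v au="$au" '$4 == au || $4 == "Au=any" { print $1 }'
}

# Throwaway self-signed certificates: one ECDSA (P-256) and one RSA (2048-bit).
openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ec.key"
openssl req -x509 -new -key "$WORK/ec.key" -subj "/CN=ecc-example" -days 1 -out "$WORK/ec.crt"
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/rsa.key" \
    -subj "/CN=rsa-example" -days 1 -out "$WORK/rsa.crt" 2>/dev/null

for c in ec.crt rsa.crt; do
    echo "== $c: $(cert_key_type "$WORK/$c") key, usable suites:"
    suites_for_cert "$WORK/$c"
done
```

Run it against a real server certificate to see which suites that certificate alone supports; if the ECDHE-RSA list is empty for a client population you must serve, the fix Matt describes is an RSA certificate (typically deployed alongside the ECDSA one).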
Dr. Stephen Henson
2014-05-28 10:54:05 UTC
Post by Matt Caswell
Post by Sverre Moe
I used the following openssl command for my ECC private key and CSR.
openssl ecparam -name secp521r1 -genkey -param_enc explicit -out private-key.pem
openssl req -new -key private-key.pem -nodes -sha384 -out ecc_clientReq.csr
So what is the point of this switch?
-param_enc explicit
Can't find any information about this on
https://www.openssl.org/docs/apps/req.html
Well, as it's a switch for ecparam not req, it's not documented on the req page! :-)
http://www.openssl.org/docs/apps/ecparam.html
I suggest you do not use it, and go with the default of named curves.
In most circumstances that is what you really want. In theory you can
use your own custom curve, in which case you would have to use
explicit parameters. But in practice no one really does that -
everyone just uses standard named curves.
In theory you can use custom curves but in the case of TLS almost nothing
supports it (OpenSSL doesn't) and using explicit parameters will often just
fail even with common curves.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org