Sverre Moe
2014-05-28 07:47:35 UTC
When creating a ECC Certificate Signing Request I noticed the CSR from
OpenSSL was quite different from the one I generated with Java Keytool.
Checking the CSRs with: openssl req -in ecc.csr -text -noout
OpenSSL CSR has the following attributes:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
Field Type: prime-field
Prime:
A:
B:
Generator (uncompressed):
Order:
Cofactor: 1 (0x1)
Seed:
Attributes:
a0:00
Signature Algorithm: ecdsa-with-SHA384
While the Keytool CSR has the following attributes:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
ASN1 OID: secp521r1
Attributes:
Requested Extensions:
X509v3 Subject Key Identifier:
Signature Algorithm: ecdsa-with-SHA384
Does that mean OpenSSL is better suited for creating ECC CSR? What are the
extra attributes for that comes with OpenSSL CSR? Also Keytool has
Requested Extensions which OpenSSL doesn't.
OpenSSL was quite different from the one I generated with Java Keytool.
Checking the CSRs with: openssl req -in ecc.csr -text -noout
OpenSSL CSR has the following attributes:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
Field Type: prime-field
Prime:
A:
B:
Generator (uncompressed):
Order:
Cofactor: 1 (0x1)
Seed:
Attributes:
a0:00
Signature Algorithm: ecdsa-with-SHA384
While the Keytool CSR has the following attributes:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
ASN1 OID: secp521r1
Attributes:
Requested Extensions:
X509v3 Subject Key Identifier:
Signature Algorithm: ecdsa-with-SHA384
Does that mean OpenSSL is better suited for creating ECC CSR? What are the
extra attributes for that comes with OpenSSL CSR? Also Keytool has
Requested Extensions which OpenSSL doesn't.