| Yubico Forum https://forum.yubico.com/ |
|
| [QUESTION] Yubico-PIV-Manager: Generating ECC P256 CSRs https://forum.yubico.com/viewtopic.php?f=26&t=1986 |
Page 1 of 1 |
| Author: | darco [ Fri Jul 31, 2015 8:56 pm ] |
| Post subject: | [QUESTION] Yubico-PIV-Manager: Generating ECC P256 CSRs |
Hello everyone, I'm having trouble generating a valid certificate signing request from the yubico PIV manager when the key is an ECC P256 key. Whenever I have the tool generate a CSR using ECC P256, the generated CSR is invalid. The issue appears to be with the ECDSA signature on the certificate request, which appears to be stored incorrectly: Code: Certificate Request: Data: Version: 0 (0x0) Subject: DC=net, DC=voria, DC=token, CN=Yubikey NEO 35XXXXX Subject Public Key Info: Public Key Algorithm: id-ecPublicKey EC Public Key: pub: 04:dd:91:86:6a:92:69:90:d9:cd:f0:81:ca:a3:40: 80:d8:64:e3:ad:13:3a:ed:43:0e:42:a0:95:b2:1e: 8c:2c:46:60:f3:5b:75:33:92:38:51:52:b8:6c:0c: 1a:b8:b0:6f:ee:f1:33:7a:9a:37:a8:79:d7:c8:de: 19:92:43:23:83 ASN1 OID: prime256v1 Attributes: a0:00 Signature Algorithm: ecdsa-with-SHA256 30:46:02:21:00:c3:7d:49:a6:da:e9:fe:25:18:26:7d:20:3e: 6a:80:22:04:a4:9d:a8:fb:72:9a:7c:99:c5:48:02:e2:28:0b: 65:02:21:00:d6:58:07:d0:f5:a5:f9:d9:f1:53:49:5d:3b:8a: 5c:75:87:66:43:32:da:ce:97:67:33:0d:9b:8e:78:54:3a:17 Check that the request matches the signature Signature verification problems.... 20298:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:/SourceCache/OpenSSL098/OpenSSL098-52.30.1/src/crypto/asn1/a_verify.c:164: I filed issue number 1 against the project on GitHub, but I haven't gotten any responses. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|