Hello everyone, I'm having trouble generating a valid certificate signing request from the Yubico PIV manager when the key is an ECC P256 key.
Whenever I have the tool generate a CSR using ECC P256, the generated CSR is invalid. The issue appears to be with the ECDSA signature on the certificate request, which appears to be stored incorrectly:
Code:
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: DC=net, DC=voria, DC=token, CN=Yubikey NEO 35XXXXX
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
            EC Public Key:
                pub:
                    04:dd:91:86:6a:92:69:90:d9:cd:f0:81:ca:a3:40:
                    80:d8:64:e3:ad:13:3a:ed:43:0e:42:a0:95:b2:1e:
                    8c:2c:46:60:f3:5b:75:33:92:38:51:52:b8:6c:0c:
                    1a:b8:b0:6f:ee:f1:33:7a:9a:37:a8:79:d7:c8:de:
                    19:92:43:23:83
                ASN1 OID: prime256v1
        Attributes:
            a0:00
    Signature Algorithm: ecdsa-with-SHA256
        30:46:02:21:00:c3:7d:49:a6:da:e9:fe:25:18:26:7d:20:3e:
        6a:80:22:04:a4:9d:a8:fb:72:9a:7c:99:c5:48:02:e2:28:0b:
        65:02:21:00:d6:58:07:d0:f5:a5:f9:d9:f1:53:49:5d:3b:8a:
        5c:75:87:66:43:32:da:ce:97:67:33:0d:9b:8e:78:54:3a:17
Check that the request matches the signature
Signature verification problems....
20298:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:/SourceCache/OpenSSL098/OpenSSL098-52.30.1/src/crypto/asn1/a_verify.c:164:
I filed issue number 1 against the project on GitHub, but I haven't gotten any responses.
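An added example, not part of the original post and not Yubico's code: a strict DER check of the ECDSA signature field (SEQUENCE of two INTEGERs, r and s) run over the bytes from the CSR dump above, which is one way to tell a signature encoding problem apart from a verifier-side failure. It checks encoding and range only, not cryptographic validity; the function names are illustrative.

```python
# Added example: strict DER check of an ECDSA-Sig-Value, SEQUENCE { INTEGER r, INTEGER s }.
# SIG_HEX is copied from the CSR dump in the post; function names are illustrative.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # P-256 group order

SIG_HEX = """
30:46:02:21:00:c3:7d:49:a6:da:e9:fe:25:18:26:7d:20:3e:
6a:80:22:04:a4:9d:a8:fb:72:9a:7c:99:c5:48:02:e2:28:0b:
65:02:21:00:d6:58:07:d0:f5:a5:f9:d9:f1:53:49:5d:3b:8a:
5c:75:87:66:43:32:da:ce:97:67:33:0d:9b:8e:78:54:3a:17
"""

def sig_from_dump(text):
    """Turn colon-separated hex, as printed by openssl, into bytes."""
    return bytes.fromhex("".join(text.split()).replace(":", ""))

def _read_tlv(buf, pos, tag):
    """Return (value, next_offset) for a short-form TLV with the given tag."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    if length & 0x80:  # a P-256 signature is at most 72 bytes, so short form only
        raise ValueError("long-form length is never needed for a P-256 signature")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return buf[pos + 2:end], end

def _read_der_int(buf, pos):
    body, pos = _read_tlv(buf, pos, 0x02)
    if not body:
        raise ValueError("empty INTEGER")
    if body[0] & 0x80:  # high bit set without a 00 pad would mean a negative value
        raise ValueError("INTEGER is negative (missing leading 00)")
    if len(body) > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("INTEGER is not minimally encoded")
    return int.from_bytes(body, "big"), pos

def parse_ecdsa_sig(der, order=P256_N):
    """Return (r, s) if der is a strictly encoded signature with 1 <= r, s < order."""
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    r, pos = _read_der_int(seq, 0)
    s, pos = _read_der_int(seq, pos)
    if pos != len(seq):
        raise ValueError("trailing bytes inside SEQUENCE")
    if not (1 <= r < order and 1 <= s < order):
        raise ValueError("r or s outside [1, n-1]")
    return r, s

if __name__ == "__main__":
    r, s = parse_ecdsa_sig(sig_from_dump(SIG_HEX))
    print(f"r = {r:064x}\ns = {s:064x}")
```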