How can I sign an X509 object using an ED25519 key in hardware #24306
Unanswered
aveenismail asked this question in Q&A
Replies: 0 comments
I have an ED25519 key inside an HSM and I want to use it to produce a self-signed X509 certificate, but I can't seem to figure out how to set all the required parameters.

I'm using OpenSSL version 3.3.0 to construct/produce the self-signed certificate. As far as I can figure out, the ED25519 key should be stored in an `EVP_PKEY` object, and I also need to implement a custom signing function (in the snippet below, it's the `ed_meth_sign()` function) and have an `EVP_PKEY_METHOD` pointing to it, then somehow connect the `EVP_PKEY` object and the `EVP_PKEY_METHOD` object so that my custom signing function is called when signing the X509 data object.

What I've done so far is the following:

The `X509_sign()` fails with the error:

I traced the OpenSSL code and I can see the following snippet in function `evp_pkey_export_to_provider()` returns NULL (I am not operating in FIPS mode):

I'm not sure what that means. Are the `ptr` and `keydata` here referring to the private key? Is there another way to set this data other than the way I did above by calling `EVP_PKEY_CTX_set_data()`? Am I going completely in the wrong direction with the whole thing?

PS. I have posted this on stackoverflow first but I think it might be too specific, hence opening a ticket here.