Closed bit closed 2 months ago
Trying to create a certificate signed with an ed25519 key does not work. Signing currently requires a digest, ed25519 only works with digest set to NULL.
ed448_private_key_pem = b"""-----BEGIN PRIVATE KEY----- MEcCAQAwBQYDK2VxBDsEOcqZ7a3k6JwrJbYO8CNTPT/d7dlWCo5vCf0EYDj79ZvA\nhD8u9EPHlYJw5Y8ZQdH4WmVEfpKA23xkdQ== -----END PRIVATE KEY----- """ key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, ed448_private_key_pem) x509 = OpenSSL.crypto.X509() x509.set_pubkey(key) x509.sign(key, None)
Its possible to call the internal sign function with NULL to get the certificate:
OpenSSL.crypto._lib.X509_sign(x509._x509, key._pkey, OpenSSL.crypto._ffi.NULL)
At this point we recommend using https://cryptography.io/en/latest/ for all X.509 use cases.
Trying to create a certificate signed with an ed25519 key does not work. Signing currently requires a digest, ed25519 only works with digest set to NULL.
Its possible to call the internal sign function with NULL to get the certificate: