Correct me if I am going wrong somewhere, as I am new to the crypto field.
I am using the following commands to generate an EC key pair in Java 7:
As per: docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html#Commands
keytool -genkeypair -alias MyServerPair -keyalg EC -keysize 571 -sigalg SHA512withECDSA -keypass 123456 -validity 365 -storetype JKS -keystore MyServerStore -storepass 123456
After execution, the keystore gets generated in the directory. After that I try to export the cert with the following command:
keytool -exportcert -alias MyServerPair -file MyServer.crt -storetype JKS -keystore MyServerStore -storepass 123456
After which MyServer.crt is generated.
But when I open the MyServer.crt file and check the certificate status, I find "This certificate has an invalid digital signature".
Also, in the certificate details, when I look at the public key value it shows ECC (0 Bit).
Why is that so? Where am I going wrong? My guess is I am using the wrong signature algo.
I am referring to docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC
Some Screenshots are here
EDIT:
It's happening when I use binary field values like 571 as -keysize, but if I use prime field values corresponding to the binary field values, like 521, it's working fine without the above-mentioned problems.
EDIT 2:
Even with other -sigalg values and key size 571 and other binary values, the problem exists.
I guess prime field values are only to be used.