
I would like to create a certificate with ECC. I am using ecdsa_with_SHA3-512 as signature algorithm.

I can successfully sign the certificate as below.

auto message_digest = EVP_MD_fetch(nullptr,"SHA3-512", nullptr);
if (!message_digest) {
 ...
}

if(auto ssize = X509_sign(cert,pkey,message_digest)){
 ...
}

But I can't verify the signature as below.

auto result = X509_verify(cert,pkey);
if (result <= 0) {
 printf("[verify is failed : %d]\n",result);
}

// Fetch the most recent error and render it into a fixed-size stack buffer
auto errCode = ERR_peek_last_error();
char errBuf[256];
ERR_error_string_n(errCode, errBuf, sizeof(errBuf));
std::cout << errBuf << "\n";

I get the error message [verify result : -1] error:068000C7:asn1 encoding routines::unknown signature algorithm.

I am checking the tbs signature and certificate signature objects; they are equal.

if(X509_ALGOR_cmp(signatureAlg, tbsSignature)) {
 ...
}

Below are the tbs signature object fields.

tbs signature ln : ecdsa_with_SHA3-512
tbs signature sn : id-ecdsa-with-sha3-512
tbs signature nid : 1115

As I understand it, X509_verify() looks up the signature algorithm NID in the nid_triple sigoid_srt[] array and can't find the NID_ecdsa_with_SHA3_512 algorithm NID. Because of this, it gives the unknown algorithm error.

I am new to cryptography and OpenSSL. What am I missing?

Edit : This hash/signature algorithm combination is not supported by any of the current releases by itself.

selim
  • FWIW: Windows doesn't support SHA-3 yet, so a certificate with a SHA-3 based signature will not work there. I don't think macOS/iOS do, either. (Your problem may be related in that you're trying to be a bit too bleeding-edge, but I don't actually know.) – bartonjs Mar 25 '22 at 17:06
  • Then again, Windows crypto is not directly a frontrunner right? I mean it now has GCM, but *dang*, that took long. – Maarten Bodewes Mar 25 '22 at 17:45
  • I think this is not related to Windows. I am using the OpenSSL library APIs and its application on an Ubuntu terminal. The OpenSSL library gives the unknown algorithm error. @bartonjs – selim Mar 26 '22 at 17:52
  • @selim I understand that. I’m just pointing out that SHA-3 certificates aren’t something that the world at large is ready for, so it /might/ not be something worth pursuing at this time. (And that, relatedly, it may be that not even OpenSSL is ready for them). – bartonjs Mar 26 '22 at 21:52
  • @bartonjs, Ohh I understood you wrong, thank you for the answer. – selim Mar 27 '22 at 06:08
