[Cryptography-dev] Certifying a DH key
Bruno Martin
Bruno.Martin at univ-cotedazur.fr
Wed May 15 04:42:23 EDT 2024
Hi,
For teaching purposes I wish to implement a semi-ephemeral DH key exchange like in NIST SP800-56 (but for a non EC group).
The recipient’s key is static while the sender’s key is ephemeral.
To authenticate the ephemeral sender key I’d like to X.509 certify it (and also the recipient’s one too).
I can generate the DH parameters, the static and ephemeral keys, and put them in PEM format.
So far so good.
But I cannot find how to create the csr to provide to a CA.
While trying with x509, I got the error message
Key must be an rsa, dsa, ec, ed25519, or ed448 private key.
Is there any way to get a certificate for a DH public key?
I can accept using OpenSSL for this, but I couldn’t find a way to proceed there either.
Thanks for your help and sorry if my question is not well addressed to the list.
I did not subscribe to the list, so I would appreciate a direct reply.
Regards,
Bruno