stackoom
  简体   繁体   中英

Creating X509 certificate in C using post-quantum public key algorithm?

 原文  2019-05-22 15:41:31       c/ openssl/ x509/ pki/ post-quantum-cryptography

Question

I'm trying to implement a self signed x509 certificate that uses a post-quantum (PQ) public key algorithm as the public key algorithm. I looked at the openssl library in c, and the way it's done using RSA. I'm essentially trying to replicate the same format. From what I've seen in the openssl library, RSA and a couple of other supported algorithms are integrated in the crypto EVP layer (the key is stored as EVP_PKEY). The functions in the openssl library that I'm trying to use are X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey), and some other functions that have very similar inputs. Is there a way that I can integrate the PQ algorithm into the EVP layer? If not, is there any way around using the EVP layer that would achieve the same goal?

I have tried looking into the evp source code in the openssl library. It seems it only supports certain algorithms such as RSA, EC... I'm not sure if it's possible to incorporate the PQ algorithm into the EVP layer. I'm following along the example in this link: ( https://www.codepool.biz/how-to-use-openssl-to-generate-x-509-certificate-request.html ) to generate the certificate. Instead of RSA key, I just plug in the PQ algorithm key. So far when I create my certificate, it's always outputted in the wrong format.

I'm using this command: openssl x509 -in x509Req.pem -text -noout to read the certificate generate. It always shows the error message "unable to load certificate \\n 140688586052032:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE".

1 answers

solution1
 1 ACCPTED  2019-05-22 21:09:27

The EVP API uses a "ENGINE" for it's implementation of all the symmetric algorithms (ciphers), digests and asymmetric algorithms (public key algorithms). A ENGINE module can be added / replaced. See openssl engine command.

I think this is the area you want to look into. I don't think there is a lot of documentation around this area (that I could find) but there are sample engines you can look into.

If you download the openssl source you can look in the engines folder for sample engines you can use to start to implement you custom algorithm(s).

Good luck!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Getting the public key length of an X509 certificate Modifying extension list in X509 certificate using OpenSSL in C X509* certificate serialization and deserialization in C How to verify a X509 certificate in C x509 certificate verification in C Openssl how to find out what the bit size of the public key in an X509 certificate is Encrypt file with AES 128 mode cbc using public key X509 V3 (PKCS7) Programmatically verify a X509 certificate and private key match how to programatically in C hash a X509 certificate in PEM format Programmatically input data in X509 Certificate using OpenSSL
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM