On Fri, 25 Apr 2014, Robert Moskowitz wrote:
Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs?
On CentOS 6.5, OpenSSL does but SSH does not.
How do I test if this works? (though I should probably ask this on the OpenSSL list)
On a CentOS 6.5 box, asking for an ECDSA key fails:
[centos-6.5]$ ssh-keygen -f zzz -t ecdsa unknown key type ecdsa
On a Debian jessie box, it succeeds:
[debian]$ ssh-keygen -f zzz -t ecdsa Generating public/private ecdsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in zzz. Your public key has been saved in zzz.pub.
If I scp the newly created zzz key to a CentOS box, its openssl binary can understand it:
[centos-6.5]$ openssl ec -in zzz read EC key writing EC key -----BEGIN EC PRIVATE KEY----- ... -----END EC PRIVATE KEY-----
That's the best test I know.