[CentOS] Solved? - Re: Support for ECDSA in OpenSSL?

Robert Moskowitz rgm at htt-consult.com
Fri Apr 25 16:31:43 UTC 2014


On 04/25/2014 12:13 PM, Paul Heinlein wrote:
> On Fri, 25 Apr 2014, Robert Moskowitz wrote:
>
> >> Does the version of OpenSSL on CentOS 6.5 support ECDSA keypairs?
>
> On CentOS 6.5, OpenSSL does but SSH does not.
>
>> How do I test if this works?  (though I should probably ask this on the
>> OpenSSL list)
>
> On a CentOS 6.5 box, asking for an ECDSA key fails:
>
>   [centos-6.5]$ ssh-keygen -f zzz -t ecdsa
>   unknown key type ecdsa

And that is an ssh way of testing for ecdsa support.

It looks like ecdsa IS there and something is wrong with my setup. I 
tried creating a new ecdsa Host Identity:

# hipconf daemon new hi pub ecdsa hip_host_ecdsa_key_pub
Using hostname: oqo1.htt-consult.com
Using format ecdsa and file hip_host_ecdsa_key_pub
dirname=. mode=755
Saving ECDSA keys to: pub='hip_host_ecdsa_key_pub.pub' priv='hip_host_ecdsa_key_pub'
Key saved.

It looks like it did work.  But when I went to use it:

# hipconf daemon add hi pub ecdsa hip_host_ecdsa_key_pub
Using hostname: oqo1.htt-consult.com
Using format ecdsa and file hip_host_ecdsa_key_pub
Could not open private key file /etc/hip/hip_host_ecdsa_key_anon for reading
Loading of the ECDSA key failed

there is a problem.  It should not be trying to read an anon file.

Bottom line.  Looks like ecdsa is in OpenSSL for CentOS 6.5 and that the 
HIPL build is using it.  Just something wrong on my install.

Sorry for the noise.
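
An OpenSSL-side check for the "How do I test if this works?" question in this thread, as an added example that is not part of the original message: it confirms the curve is compiled in, generates a key, signs, verifies, and confirms a tampered message is rejected. The function name, return codes and default curve (prime256v1) are choices made for this example.

```shell
#!/bin/sh
# Added example: end-to-end ECDSA check against the local openssl binary.
# Return codes (this example's own): 0 ok, 2 no temp dir, 3 curve missing,
# 4 key generation failed, 5 sign/verify failed, 6 tampered message accepted.
ecdsa_selftest() {
    curve="${1:-prime256v1}"
    work=$(mktemp -d) || return 2
    rc=0

    # 1. The curve must be compiled in; distribution builds may ship a reduced set.
    if ! openssl ecparam -list_curves 2>/dev/null | grep -q "^ *${curve} *:"; then
        rc=3
    # 2. Generate an EC private key on that curve and derive its public key.
    elif ! openssl ecparam -name "$curve" -genkey -noout -out "$work/key.pem" 2>/dev/null ||
         ! openssl ec -in "$work/key.pem" -pubout -out "$work/pub.pem" 2>/dev/null; then
        rc=4
    else
        # Constructed sample inputs: one message and a one-character variant.
        printf 'constructed test message\n' > "$work/msg"
        printf 'constructed test messagE\n' > "$work/tampered"

        # 3. Sign with the private key, then verify with the public key.
        #    "Verified OK" is matched on stdout so the check does not depend
        #    on the exit status of a particular openssl release.
        if ! openssl dgst -sha256 -sign "$work/key.pem" \
                -out "$work/sig" "$work/msg" 2>/dev/null; then
            rc=5
        elif ! openssl dgst -sha256 -verify "$work/pub.pem" \
                -signature "$work/sig" "$work/msg" 2>/dev/null |
                grep -q '^Verified OK'; then
            rc=5
        # 4. The same signature must not verify over the altered message.
        elif openssl dgst -sha256 -verify "$work/pub.pem" \
                -signature "$work/sig" "$work/tampered" 2>/dev/null |
                grep -q '^Verified OK'; then
            rc=6
        fi
    fi

    rm -rf "$work"
    return $rc
}
```

Source the file and run `ecdsa_selftest`, optionally passing another curve name from `openssl ecparam -list_curves`; a non-zero status identifies the step that failed.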




