[CentOS] Support for ECDSA in OpenSSL?

Fri Apr 25 16:13:24 UTC 2014
Paul Heinlein <heinlein at madboa.com>

On Fri, 25 Apr 2014, Robert Moskowitz wrote:

> Does the version of OpenSSL on CentOS 6.5 support ECDSA keypairs?

On CentOS 6.5, OpenSSL does but SSH does not.

> How do I test if this works?  (though I should probably ask this on the
> OpenSSL list)

On a CentOS 6.5 box, asking for an ECDSA key fails:

   [centos-6.5]$ ssh-keygen -f zzz -t ecdsa
   unknown key type ecdsa

On a Debian jessie box, it succeeds:

   [debian]$ ssh-keygen -f zzz -t ecdsa
   Generating public/private ecdsa key pair.
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in zzz.
   Your public key has been saved in zzz.pub.

If I scp the newly created zzz key to a CentOS box, its openssl binary 
can understand it:

   [centos-6.5]$ openssl ec -in zzz
   read EC key
   writing EC key
   -----BEGIN EC PRIVATE KEY-----
   ...
   -----END EC PRIVATE KEY-----

That's the best test I know.

-- 
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
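
A way to exercise ECDSA with the openssl binary alone, without a second machine to generate the key. This is an added example, not part of the original message: the function name ecdsa_selftest, the default curve prime256v1 and the return codes are assumptions chosen here. It generates a key, signs a constructed message, verifies the signature, and confirms that an altered message is rejected.

```shell
#!/bin/sh
# Added example: ECDSA round-trip self-test using only the openssl binary.
# Assumption: the default curve prime256v1 is offered by the local build;
# check with: openssl ecparam -list_curves
# Return codes (chosen for this example): 0 ok, 2 no temp dir, 3 no openssl,
# 10 keygen failed, 11 pubkey export failed, 12 sign failed,
# 13 good signature not accepted, 14 altered message accepted.

ecdsa_selftest() {
    curve="${1:-prime256v1}"
    command -v openssl >/dev/null 2>&1 || return 3
    dir=$(mktemp -d) || return 2

    # Constructed sample inputs: one message to sign, one altered copy.
    printf 'constructed test message\n' > "$dir/msg"
    printf 'constructed test message, altered\n' > "$dir/bad"

    if ! openssl ecparam -name "$curve" -genkey -noout \
            -out "$dir/key.pem" 2>/dev/null; then
        st=10   # this build cannot generate a key on that curve
    elif ! openssl ec -in "$dir/key.pem" -pubout \
            -out "$dir/pub.pem" 2>/dev/null; then
        st=11   # key was written but cannot be parsed back
    elif ! openssl dgst -sha256 -sign "$dir/key.pem" \
            -out "$dir/sig.bin" "$dir/msg" 2>/dev/null; then
        st=12   # ECDSA signing is not available
    elif ! openssl dgst -sha256 -verify "$dir/pub.pem" \
            -signature "$dir/sig.bin" "$dir/msg" 2>&1 | grep -q 'Verified OK'; then
        st=13   # a valid signature must verify
    elif openssl dgst -sha256 -verify "$dir/pub.pem" \
            -signature "$dir/sig.bin" "$dir/bad" 2>&1 | grep -q 'Verified OK'; then
        st=14   # a signature over different data must not verify
    else
        st=0
    fi

    rm -rf "$dir"
    return "$st"
}

ecdsa_selftest "$@" && echo "ECDSA sign/verify works" \
    || echo "ECDSA self-test failed (code $?)"
```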