[erlang-questions] errors with EC cert generation

Benjamin Black b@REDACTED
Wed Jan 27 06:23:09 CET 2016


I'm attempting to generate CSRs and certificates using the public_key
library. I've run into trouble when using elliptic curves instead of RSA
and the problem shows up even in the erl_make_certs.erl code included in
the public_key tests.

Things work fine with RSA:

> erl_make_certs:make_cert([{key, rsa}]).
{<<48,130,2,136,48,130,1,241,160,3,2,1,2,2,6,0,220,55,12,
   84,65,48,13,6,9,42,134,72,...>>,
 {'RSAPrivateKey',<<48,130,2,92,2,1,0,2,129,129,0,136,253,
                    122,221,72,60,185,68,243,119,187,161,
                    131,7,...>>,
                  not_encrypted}}

But fail with EC:

> erl_make_certs:make_cert([{key, ec}]).
** exception error: no match of right hand side value {error,{asn1,badarg}}
     in function  public_key:der_encode/2 (public_key.erl, line 253)
     in call from public_key:pkix_sign/2 (public_key.erl, line 529)
     in call from erl_make_certs:make_cert/1

The error is caused by the call to make_tbs/2. As far as I can tell, the
problem is in the attempt to der_encode/2 the subject. The exact problem
appears to be in encoding subject AttributeTypeAndValue with values of the
form {printableString, Value}. What I can't determine is why this encoding
succeeds for RSA but fails for EC.

Can anyone shed any light?


b
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160126/5e0caf5d/attachment.htm>


More information about the erlang-questions mailing list