[erlang-questions] errors with EC cert generation

Benjamin Black <>
Wed Jan 27 06:23:09 CET 2016

I'm attempting to generate CSRs and certificates using the public_key
library. I've run into trouble when using elliptic curves instead of RSA
and the problem shows up even in the erl_make_certs.erl code included in
the public_key tests.

Things work fine with RSA:

> erl_make_certs:make_cert([{key, rsa}]).

But fail with EC:

> erl_make_certs:make_cert([{key, ec}]).
** exception error: no match of right hand side value {error,{asn1,badarg}}
     in function  public_key:der_encode/2 (public_key.erl, line 253)
     in call from public_key:pkix_sign/2 (public_key.erl, line 529)
     in call from erl_make_certs:make_cert/1

The error is caused by the call to make_tbs/2. As far as I can tell, the
problem is in the attempt to der_encode/2 the subject. The exact problem
appears to be in encoding subject AttributeTypeAndValue with values of the
form {printableString, Value}. What I can't determine is why this encoding
succeeds for RSA but fails for EC.

Can anyone shed any light?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160126/5e0caf5d/attachment.html>

More information about the erlang-questions mailing list