[erlang-questions] errors with EC cert generation
Benjamin Black
b@REDACTED
Wed Jan 27 06:23:09 CET 2016
I'm attempting to generate CSRs and certificates using the public_key
library. I've run into trouble when using elliptic curves instead of RSA
and the problem shows up even in the erl_make_certs.erl code included in
the public_key tests.
Things work fine with RSA:
> erl_make_certs:make_cert([{key, rsa}]).
{<<48,130,2,136,48,130,1,241,160,3,2,1,2,2,6,0,220,55,12,
84,65,48,13,6,9,42,134,72,...>>,
{'RSAPrivateKey',<<48,130,2,92,2,1,0,2,129,129,0,136,253,
122,221,72,60,185,68,243,119,187,161,
131,7,...>>,
not_encrypted}}
But fail with EC:
> erl_make_certs:make_cert([{key, ec}]).
** exception error: no match of right hand side value {error,{asn1,badarg}}
in function public_key:der_encode/2 (public_key.erl, line 253)
in call from public_key:pkix_sign/2 (public_key.erl, line 529)
in call from erl_make_certs:make_cert/1
The error is caused by the call to make_tbs/2. As far as I can tell, the
problem is in the attempt to der_encode/2 the subject. The exact problem
appears to be in encoding subject AttributeTypeAndValue with values of the
form {printableString, Value}. What I can't determine is why this encoding
succeeds for RSA but fails for EC.
Can anyone shed any light?
b
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160126/5e0caf5d/attachment.htm>
More information about the erlang-questions
mailing list