Project

General

Profile

Actions

Feature #14762

open

Support X25519 and X448 public key algorithms in certificates

Added by Jim Pingle over 1 year ago. Updated 8 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Certificates
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Plus-Next
Release Notes:
Default

Description

Currently there is no support for certificates using X25519 and X448 public keys. Importing certificates with such keys from an external source doesn't always work either (e.g. such certs will not be listed for use by OpenSSL)

These algorithms are treated a bit differently than others in OpenSSL, since in some ways they get treated like EC but in others they do not. The algorithms are listed in openssl list -public-key-algorithms and openssl list -public-key-methods, but they aren't listed in any of the PHP OpenSSL functions or docs I've seen. For example they are not listed among the allowed key cipher constants or key types.


Related issues

Has duplicate Feature #15059: openvpn server ed25519 certificateDuplicate

Actions
Actions #1

Updated by Jim Pingle about 1 year ago

  • Has duplicate Feature #15059: openvpn server ed25519 certificate added
Actions #3

Updated by Jernej Simončič 8 months ago

This looks like a regression – I've got some OpenVPN servers that are set up with ed25519 certificates, which pfSense won't let me edit any more because it doesn't let me select those certificates (if I try editing one of these configurations, the certificate drop-down is set to ===== Server certificates =====).

Actions

Also available in: Atom PDF