Reputation: 37
Signature Algorithm sha256RSA with ECC Pubkey
Quite by chance, I ran into Google certificate. Now questions come to my mind which I haven't find answers yet:
From the certificate, it seems RSA signature algorithm is used, but the public key is an ECC key. Can we possibly do RSA encryption/decryption with an ECC key? How can we make a certificate like this using openssl? (I've created certificates of RSA SA/RSA key, ECDSA SA/ECC key, but not like this one.)
Any answer is appreciated!
Screenshot of Google certificate Google Certificate
Upvotes: 1
Views: 1825
Answers (1)
Reputation: 8877
RSA signrature in the certificate means that Issuing CA (i.e. Google Internet Authority G3) used this algorithm to sign the End Entity certificate (google.com). It does not matter if the key pair was RSA or ECC.
You can not use RSA encryption with this End Entity certificate because it has ECC public key in it and AFAIK it is not possible to do encryption with ECC keys. Well, according to this wiki link you can.
If you want to make similar End entity certificate then make RSA CA then make ECC keypair and PKCS#10 request and issue the certificate using this request.
Upvotes: 3
Related Questions
- How to do signature using SHA256withRSA algorithm in C#
- C# signature verification using ECDSA with SHA256 certificate
- OpenSSL on Mac OS X for SHA-256 signature algorithm
- How to make OpenSSL with SHA256 instead of sha1?
- openSSL how to sign a certificate with SHA256
- How to create a digital signature using SHA256 with ECDSA algorithm in C#
- Use X509Certificate2 to sign and validate ECDSA-SHA256 signatures
- signature with SHA256
- X509Certificate2 Public Key Signature Algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- Creating a sha256 signature using openssl