Generating certificate using ECDSA_P256 algorithm but with sha256RSA signature

Krzysztof J. Obara

12/24/22, 8:15 PM

If you have a look at a certificate encrypting google.com it advertises a 256-bit ECC key with ECDSA_P256 parameter. The signature algorithm is sha256RSA. I've been trying to achieve something similar by running the below set of commands, but since the -digest parameter I use is -sha256 the result is always sha256ECDSA signature algorithm. So the question is - how Google did that and is that achievable with OpenSSL (1.1.1k)?

Is it a result of the fact that their cert is signed by a CA cert that is RSA and not ECDSA (while mine is a self-signed ECDSA root cert)?

openssl genpkey -genparam -out ./hmca-ec.param -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1

openssl genpkey -paramfile ./hmca-ec.param -out ./hmca-ec.key -pass pass:"pass" -aes-256-ecb

openssl req -x509 -new -key ./hmca-ec.key -sha256 -days 365 \
 -config ./hmca.conf -reqexts SAN -extensions SAN -out ./hmca-ec.crt

conf file (if it matters) looks like this:

[req]
distinguished_name = dirsect
x509_extensions = SAN
req_extensions = SAN
prompt = no

[SAN]
subjectKeyIdentifier=hash
subjectAltName = dirName:dirsect
extendedKeyUsage = serverAuth, clientAuth
basicConstraints = CA:TRUE
keyUsage = critical, digitalSignature, keyAgreement, keyCertSign

[dirsect]
C = US
O = a
CN = b

371

0 + 3

sha-256

openssl

Maarten Bodewes

12/24/22, 9:25 PM

Uh, first create a self signed RSA root certificate and then use that to sign a certificate request created using a EC(DSA) key pair? What's your question?

dave_thompson_085

12/24/22, 10:47 PM

Actually depending on offered ciphersuites or sigalgs google.com uses either a cert with EC(DSA) P256 _or_ one with RSA-2048; both are issued using sha256-RSA signature by `GTS CA 1C3` with RSA-2048 key. `GTS CA 1C3` is itself an intermediate, not a root; its cert is issued by `GTS Root R1` which is RSA-4096 and now in most(?) truststores but also bridged to `GlobalSign Root CA` which is older (1998) and RSA-2048. See ssllabs.com/ssltest . @MaartenBodewes: so you can use _any_ RSA CA (not just a selfsigned root) to process the CSR for EC P256.

Maarten Bodewes

12/24/22, 10:56 PM

Sure, I just indicated the shortest route :P

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Generating certificate using ECDSA_P256 algorithm but with sha256RSA signature

TH: กำลังสร้างใบรับรองโดยใช้อัลกอริทึม ECDSA_P256 แต่มีลายเซ็น sha256RSA

RO: Se generează certificat folosind algoritmul ECDSA_P256 dar cu semnătura sha256RSA

RU: Генерация сертификата по алгоритму ECDSA_P256, но с подписью sha256RSA

VI: Tạo chứng chỉ bằng thuật toán ECDSA_P256 nhưng có chữ ký sha256RSA

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.