I would like to create a certificate with ECC. I am using ecdsa_with_SHA3-512
as the signature algorithm.
I can successfully sign the certificate as below.
auto message_digest = EVP_MD_fetch(nullptr, "SHA3-512", nullptr);
if (!message_digest) {
    ...
}
if (auto ssize = X509_sign(cert, pkey, message_digest)) {
    ...
}
But I can't verify the signature as below.
auto result = X509_verify(cert, pkey);
if (result <= 0) {
    printf("[verify is failed : %d]\n", result);
}
// Print the most recent entry on the OpenSSL error queue.
auto errCode = ERR_peek_last_error();
char errBuf[256];  // stack buffer, nothing to free
ERR_error_string_n(errCode, errBuf, sizeof(errBuf));
std::cout << errBuf << "\n";
I get the following error message:
[verify result : -1]
error:068000C7:asn1 encoding routines::unknown signature algorithm
I am checking the tbs signature and certificate signature objects; they are equal.
if(X509_ALGOR_cmp(signatureAlg, tbsSignature)) {
...
}
Below are the tbs signature object fields.
tbs signature ln : ecdsa_with_SHA3-512
tbs signature sn : id-ecdsa-with-sha3-512
tbs signature nid : 1115
As I understand it, X509_verify() checks the signature algorithm nid from the
nid_triple sigoid_srt[] array and can't find the NID_ecdsa_with_SHA3_512
algorithm nid. Because of this, it gives the unknown algorithm error.
I am new to cryptography and OpenSSL. What am I missing?
Edit: This hash/signature algorithm combination is not supported by any of the current releases by itself.