Hi David,
I now have fully working code that creates the ECC key and a CSR based on it, but the CSR looks broken: when I try to use it, it is identified as corrupted or as being in an incorrect format.
I do this in the code:
ecc_key key;
wc_ecc_init(&key);
WC_RNG rng;
wc_InitRng(&rng);
// wc_ecc_make_key(&rng, 32, &key); // initialize 32 byte ecc key
wc_ecc_make_key_ex(&rng, 32, &key,ECC_SECP256R1); // initialize 32 byte ecc key
#define FOURK_BUF 4096
byte der[FOURK_BUF];
int derSz = wc_EccKeyToDer(&key, der, FOURK_BUF);
byte pem[4096];
memset(pem,0,sizeof(pem));
int pemSz = wc_DerToPem(der, derSz, pem, sizeof(pem),ECC_PRIVATEKEY_TYPE);
printf("%s",pem);
Cert req;
wc_InitCert(&req);
strncpy(req.subject.country, "US", CTC_NAME_SIZE);
strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
strncpy(req.subject.org, "yaSSL", CTC_NAME_SIZE);
strncpy(req.subject.unit, "Development", CTC_NAME_SIZE);
strncpy(req.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
strncpy(req.subject.email, "info@wolfssl.com", CTC_NAME_SIZE);
derSz = wc_MakeCertReq(&req, der, FOURK_BUF, NULL, &key);
pemSz = wc_DerToPem(der, derSz, pem, sizeof(pem),CERTREQ_TYPE);
printf("%s",pem);
And this is the key/CSR pair I get:
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIG1ceBb5bj3YhpfCuxBB+tW8x/L1OK852gN5EijIoRHDoAoGCCqGSM49
AwEHoUQDQgAEwH2T6dZ6N+Vim7EKGRorUSZb+GIPXRDpXHPHJV+qxp7i7gOClDvg
oQagUCoB/llEaXTFzOzmmGVM+sakTYsByA==
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIHxAgECMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCT1IxETAPBgNVBAcMCFBv
cnRsYW5kMQ4wDAYDVQQKDAV5YVNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAW
BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
c3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMB9k+nWejflYpuxChka
K1EmW/hiD10Q6VxzxyVfqsae4u4DgpQ74KEGoFAqAf5ZRGl0xczs5phlTPrGpE2L
AcigAA==
-----END CERTIFICATE REQUEST-----
I tested it both on my target server, which refuses the CSR, and on https://www.sslshopper.com/csr-decoder.html, which gave an error message:
We were unable to decode this CSR. It may be corrupt or in an incorrect format.
When I took the above key and used openssl like this:
OpenSSL req -new -config my_config.cnf -key wolf_ecc_key.pem -out wolf_ecc.csr
The wolf_ecc.csr format was OK in both cases, that is, on my target server and the csr-decoder.
Any idea what I did wrong?
Thanks,
Eyal
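
Added example, not part of Eyal's post and not wolfSSL code: a PKCS#10 CertificationRequest is an outer SEQUENCE holding the request info, a signature algorithm and a signature BIT STRING, and this check walks the DER of the CSR posted above to see whether that wrapper is present. The helper names (b64_decode, der_hdr, classify_csr) are made up for this illustration.

```c
#include <string.h>
/* CSR body copied from the post above (PEM armor removed, lines joined). */
static const char POSTED_CSR_B64[] =
    "MIHxAgECMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCT1IxETAPBgNVBAcMCFBv"
    "cnRsYW5kMQ4wDAYDVQQKDAV5YVNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAW"
    "BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm"
    "c3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMB9k+nWejflYpuxChka"
    "K1EmW/hiD10Q6VxzxyVfqsae4u4DgpQ74KEGoFAqAf5ZRGl0xczs5phlTPrGpE2L"
    "AcigAA==";
enum { CSR_MALFORMED = -1, CSR_SIGNED = 0, CSR_UNSIGNED_INFO_ONLY = 1 };

/* Minimal base64 decoder; returns the byte count, or -1 on bad input. */
static int b64_decode(const char *in, unsigned char *out, size_t cap) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned int acc = 0, bits = 0, n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (!p || n >= cap) return -1;
        acc = (acc << 6) | (unsigned int)(p - tbl);
        if ((bits += 6) >= 8) out[n++] = (unsigned char)(acc >> (bits -= 8));
    }
    return (int)n;
}

/* Reads a DER length (short form, 0x81 or 0x82); returns header size, 0 if bad. */
static size_t der_hdr(const unsigned char *p, size_t avail, size_t *len) {
    size_t nb = (avail >= 2 && p[1] > 0x80) ? (size_t)(p[1] & 0x7F) : 0;
    if (avail < 2 + nb || nb > 2 || p[1] == 0x80) return 0;
    *len = nb == 0 ? p[1] : nb == 1 ? p[2] : ((size_t)p[2] << 8) | p[3];
    return 2 + nb;
}

/* Expected: SEQUENCE { info SEQUENCE, sigAlg SEQUENCE, signature BIT STRING }. */
int classify_csr(const unsigned char *p, size_t n) {
    static const unsigned char want[3] = {0x30, 0x30, 0x03};
    size_t len, h = der_hdr(p, n, &len);
    if (!h || p[0] != 0x30 || len == 0 || h + len != n) return CSR_MALFORMED;
    p += h; n = len;
    /* Body starts at the version INTEGER: a bare CertificationRequestInfo. */
    if (p[0] == 0x02) return CSR_UNSIGNED_INFO_ONLY;
    for (int i = 0; i < 3; i++, p += h + len, n -= h + len)
        if (!(h = der_hdr(p, n, &len)) || p[0] != want[i] || h + len > n)
            return CSR_MALFORMED;
    return n == 0 ? CSR_SIGNED : CSR_MALFORMED;
}

int main(void) { /* exit status 1 means "unsigned request info only" */
    unsigned char der[512];
    int n = b64_decode(POSTED_CSR_B64, der, sizeof der);
    return n < 0 ? CSR_MALFORMED : classify_csr(der, (size_t)n);
}
```

On the CSR above this returns CSR_UNSIGNED_INFO_ONLY: the 244 decoded bytes are the request info alone, with no signature algorithm or signature after it. wolfSSL signs a request in a separate step, wc_SignCert, which the posted code does not call.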