On Fri, 25 Apr 2014, Robert Moskowitz wrote:
> Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs?
On CentOS 6.5, OpenSSL does but SSH does not.
> How do I test if this works? (though I should probably ask this on the
> OpenSSL list)
On a CentOS 6.5 box, asking for an ECDSA key fails:
[centos-6.5]$ ssh-keygen -f zzz -t ecdsa
unknown key type ecdsa
On a Debian jessie box, it succeeds:
[debian]$ ssh-keygen -f zzz -t ecdsa
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in zzz.
Your public key has been saved in zzz.pub.
If I scp the newly created zzz key to a CentOS box, its openssl binary
can understand it:
[centos-6.5]$ openssl ec -in zzz
read EC key
writing EC key
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
That's the best test I know.
--
Paul Heinlein
heinlein at madboa.com
45?38' N, 122?6' W