Please nominate your Qt Champions for 2021!

QsslSocket - ECC Keys & Certificate fail on OSX

  • Qt Champions 2017

    Question - Any problems/issues with ECC(Elliptic Curve Cryptography) Keys & Certificates on OSX ?
    I am using OpenSSL 1.0.2k on OS X EL Captain. I used the following commands to generate ECC Keys & Certificates. Keys and Certificates are generated properly. However when I set the key & certificates I get the following error.

    qDebug() << " Key ="<< key  << endl;
    qDebug() << " Certificate ="<< certificate << endl;

    Error - Connection from ::1:50351 failed: SecPKCS12Import failed: -67712

    Commands used for generating ECC Key & Certificates.

    openssl ecparam -genkey -name prime256v1 -out key.pem
    openssl req -new -sha256 -key key.pem -out csr.csr
    openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
    openssl req -in csr.csr -text -noout | grep -i "Signature.*SHA256" && echo "All is well" || echo "This certificate will stop working in 2017! You must update OpenSSL to generate a widely-compatible certificate"

    I use the same SSL library for generating the RSA 2048 keys and certificate. It works perfectly.

    Any issue with ECC Keys & Certificates on OSX

  • Qt Champions 2017

    I found the problem with this. Qt does not support EC Curves by default. It has dummy implemenation & does nothing. Not sure about the reason why this is left out.

    If you want Elliptical Curve Certificate Support on OSX with Qt, you need link Qt with OpenSSL library. This solves the problem. If any needs to help on this, do drop an email to me.

Log in to reply