Comment by 🚀 jsreed5

I apologize for the necro, but I think I found the issue. @Half_Elf_Monk I assume you used something like the following command to create a client certificate and key. This is given on the Amfora wiki:

openssl req -new -subj "/CN=username" -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -days 1825 -nodes -out cert.pem -keyout key.pem

The core of that command is 'openssl ec', which produces a certificate and key based on elliptic curve cryptography. However, after a cursory glance at the source code, it looks like deedum only supports certs and keys based on RSA cryptography. @jmcs is that correct? If so, deedum would require a code change to read EC keys.

Edit: If it helps, the file I'm looking at in the deedum source is:

Dec 15 · 4 days ago

1 Later Comment

hey @jsreed5 , thanks for bringing this up. First thin I have to say is: you might be right. That's a part of the code that I have not fiddled with. I also don't think I know enough about cryptograpry to trust myself not to fuck something up. I'll have to take a look at the code and the libraries used and see what's supported. I'll report back :)

Original Post

Help with certificates — Could someone help me with a potentially dumb question here? I'm trying to be able to post from both laptop and cell interchangably. I can't seem to get certificates from my laptop (openssl certs used with amfora) to work on my phone (grapheneOS, f-droid's deedum). The files are on my phone, but deedum doesn't have an option to import them, just a set of textboxes. I've tried copy/pasting the cert information, and deedum said it wasn't a valid cert. I feel like this is...