TLS certificate sizes in Geminispace
Paul Warren
pwarren at pwarren.id.au
Sat Jun 27 12:05:51 BST 2020
On 27/6/20 8:37 pm, Paul Warren wrote:
> G'day!
>
> I've put an ed25519 based cert on gemini://gem.pwarren.id.au/ which is
> being served out by the latest gemserv.
>
> I generated it on debian with openssl 1.1.1d via:
>
> $ openssl genpkey -algorithm ED25519 > gemkey.pem
>
> $ openssl req -x509 -key gemkey.pem -subj "/CN=gem.pwarren.id.au" \
>     -reqexts SAN -extensions SAN \
>     -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:gem.pwarren.id.au,DNS:gemini.pwarren.id.au,DNS:gemini.lan")) \
>     -out gemnew.pem -days 3600
>
> I'm not sure if SANs are required really for gemini, I think with the
> TOFU idea it's only the hash that matters?
>
> The new cert is 489 bytes vs the 1830 for the old RSA keyed certificate
> (in PEM format), most of my content so far is < 2000 bytes!
>
> Cheers
> --
> Paul
Uh, oh, in all this mucking about with certs, I overwrote my Astrobotany
key, which I'd not got round to backing up yet :(
Not sure what'll happen to my legendary hissing mature pachypodium now!
(Apologies for the previous top post!)
--
Paul
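
The size difference and the TOFU fingerprint discussed in the quoted message can be reproduced as follows. This is an added example, not part of the original post: it assumes OpenSSL 1.1.1 or newer, uses the placeholder hostname gem.example.org, and picks a 2048-bit RSA key because the post does not state the old key's size.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSL 1.1.1 or newer.
# CERT_HOST and the 2048-bit RSA size are assumptions; the post does not say
# what size the old RSA key was.
CERT_HOST="gem.example.org"

# make_cert DIR NAME GENPKEY_ARGS...
# Writes DIR/NAME.key and DIR/NAME.pem (self-signed, one SAN entry).
make_cert() {
    mc_dir=$1; mc_name=$2; shift 2
    # Never clobber an existing private key.
    [ ! -e "$mc_dir/$mc_name.key" ] || return 1
    # Create the key with owner-only permissions.
    ( umask 077 && openssl genpkey "$@" -out "$mc_dir/$mc_name.key" ) \
        2>/dev/null || return 1
    openssl req -x509 -new -key "$mc_dir/$mc_name.key" \
        -subj "/CN=$CERT_HOST" -addext "subjectAltName=DNS:$CERT_HOST" \
        -days 3600 -out "$mc_dir/$mc_name.pem" 2>/dev/null
}

# Size of a file in bytes.
pem_size() { echo $(( $(wc -c < "$1") )); }

# SHA-256 fingerprint of a certificate, the value a TOFU client remembers.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Prints "<ed25519 PEM bytes> <rsa PEM bytes> <ed25519 cert fingerprint>"
# for two freshly generated certificates in a throwaway directory.
compare_cert_sizes() {
    cs_dir=$(mktemp -d) || return 1
    if make_cert "$cs_dir" ed -algorithm ED25519 &&
       make_cert "$cs_dir" rsa -algorithm RSA -pkeyopt rsa_keygen_bits:2048
    then
        echo "$(pem_size "$cs_dir/ed.pem") $(pem_size "$cs_dir/rsa.pem")" \
             "$(cert_fingerprint "$cs_dir/ed.pem")"
        cs_rc=0
    else
        cs_rc=1
    fi
    rm -rf "$cs_dir"
    return $cs_rc
}

compare_cert_sizes
```

The fingerprint changes whenever the certificate is regenerated, so a client that pinned the old one will see a mismatch after a key swap like the one described above.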