secp256k1 is a permitted curve for X.509 certificates
You could allow any root that has the npub’s key, so it could sign sub-CAs or temporary keys for servers.
Login to reply
Replies (2)
it's gotta be the ecdsa public key tho, 33 bytes and all that. i didn't know that x509s can be secp256k1 tho. i thought r1 was the only one that most of the things permitted. TLS definitely. also JWT only r1.
When i tried to code it a few months back, I got stuck on some PKIX assigned number that didn't have an entry for secp256k1. But I'm recalling this from memory so I could be wrong here.