Use ECC keys for authentication between Mender client server

Thanks for this! Very helpful guide.

I got all of this working just fine but would like to use ECC instead of RSA. I followed this guide and generated the ECC keys using the following:

openssl ecparam -genkey -name prime256v1 -out private-and-params.key
openssl ec -in private-and-params.key -out private.key
openssl ec -in private-and-params.key -pubout -out public.key

Then I use the same method to generate a signature

X_MEN_SIGNATURE=$(echo -n "${REQUEST_BODY}" | openssl dgst -sha256 -sign private.key | openssl base64 -A)

But when I go to send the authorization request I get an error about not being able to decode the public key. Any suggestions? Am I generating the keys correctly?

Hi @msaenger, glad you found the guide useful.

Regarding ECC, unfortunately this is a limitation in the backend and it only accepts RSA. It is something that we are looking at, but nothing committed yet.

Ah okay. Thanks for the quick response.