PKI Pedersen Commitment

Implementation with custom extensions of X.509 certificates

Image of sealed envelope

This project should be an useful example of using OpenSSL to manipulate X.509 certificates and CSRs using custom extensions.

The included tools, commitment_req and commitment_chk, implement the Pedersen commitment scheme in this way:

  • commitment_req calculates and inserts into a CSR the "commitment" value
  • commitment_chk verifies the commitment value inserted into a CSR or a signed certificate, when the CA accepts the CSR and releases it

The entire process, including the CA setup, can be tested with the included bash script testing.sh.
You obviously need the OpenSSL libraries and the openssl utility installed on your system to compile the sources and run the script.


Source code is available for download:

source code archive source code repository