Hello Peter, all,

thanks for the hint... but I was actually looking more at a way to check if
a certificate has been signed with one of the curves you listed. Maybe it is
not possible, but it would be nice to be able to say "this certificate has
been signed with P-256" - since this can be a requirement for rejecting or
accepting a certificate.

The other solution is to extract the key from the signer's certificate, check
the signature with it and, if it checks out, check that the key is of a
particular curve... is there any better way to do it?

Cheers,
Max


On 03/22/2011 12:14 AM, Peter Waltenberg wrote:
The only good way I found was to use the defined OIDs - something like
this - no guarantees this table is correct, you should check it.

const char *NIST_by_OID[] = {
   "1.2.840.10045.3.1.1", /* P-192 */
   "1.3.132.0.33",        /* P-224 */
   "1.2.840.10045.3.1.7", /* P-256 */
   "1.3.132.0.34",        /* P-384 */
   "1.3.132.0.35",        /* P-521 */
   "1.3.132.0.1",         /* K-163 */
   "1.3.132.0.26",        /* K-233 */
   "1.3.132.0.16",        /* K-283 */
   "1.3.132.0.36",        /* K-409 */
   "1.3.132.0.38",        /* K-571 */
   "1.3.132.0.15",        /* B-163 */
   "1.3.132.0.27",        /* B-233 */
   "1.3.132.0.17",        /* B-283 */
   "1.3.132.0.37",        /* B-409 */
   "1.3.132.0.39",        /* B-571 */
   NULL
};

OBJ_txt2nid() will handle these as well as the names you are more familiar
with.

Peter
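
Added example (not part of the original thread and not OpenSSL code): a certificate's ECDSA signature algorithm OID names only the algorithm and hash, so the curve has to be read from the signer's public key parameters, as in the second approach above. This stand-alone C code decodes the namedCurve OID of an EC AlgorithmIdentifier and looks it up in the prime-curve rows of the table above; the function names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Prime-curve rows of the table in the thread; add the K-/B- rows the same way. */
static const char *NIST_P[][2] = {
    {"1.2.840.10045.3.1.1", "P-192"}, {"1.3.132.0.33", "P-224"}, {"1.3.132.0.34", "P-384"},
    {"1.2.840.10045.3.1.7", "P-256"}, {"1.3.132.0.35", "P-521"}, {NULL, NULL}
};
/* Constructed sample: AlgorithmIdentifier { id-ecPublicKey, prime256v1 }. */
static const unsigned char SAMPLE_P256[] = {0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,
    0x02,0x01,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};

/* Decode DER OID content bytes to dotted text; 0 on success, -1 on bad input. */
static int oid_to_text(const unsigned char *p, size_t n, char *out, size_t outsz) {
    unsigned long arc = 0;
    size_t used = 0;
    if (n == 0 || (p[n - 1] & 0x80)) return -1;            /* last arc unterminated */
    for (size_t i = 0; i < n; i++) {
        if ((arc == 0 && p[i] == 0x80) || arc > (~0UL >> 7)) return -1; /* padded or huge */
        arc = (arc << 7) | (p[i] & 0x7F);
        if (p[i] & 0x80) continue;                         /* arc continues in next byte */
        unsigned long a = arc < 80 ? arc / 40 : 2;         /* first value packs two arcs */
        int w = used ? snprintf(out + used, outsz - used, ".%lu", arc)
                     : snprintf(out, outsz, "%lu.%lu", a, arc - 40 * a);
        if (w < 0 || (size_t)w >= outsz - used) return -1; /* output would truncate */
        used += (size_t)w;
        arc = 0;
    }
    return 0;
}

/* NIST name of an EC key's named curve, or NULL (not EC, explicit params, unlisted). */
static const char *ec_algid_curve(const unsigned char *p, size_t n) {
    static const unsigned char EC[] = {0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
    char txt[64];
    if (n < sizeof EC + 4 || p[0] != 0x30 || p[1] > 0x7F || p[1] + 2u != n) return NULL;
    if (memcmp(p + 2, EC, sizeof EC) != 0) return NULL;    /* not id-ecPublicKey */
    p += 2 + sizeof EC; n -= 2 + sizeof EC;
    if (p[0] != 0x06 || p[1] > 0x7F || p[1] + 2u != n) return NULL; /* not a single OID */
    if (oid_to_text(p + 2, p[1], txt, sizeof txt) != 0) return NULL;
    for (size_t i = 0; NIST_P[i][0]; i++)
        if (strcmp(txt, NIST_P[i][0]) == 0) return NIST_P[i][1];
    return NULL;
}

int main(void) {
    const char *c = ec_algid_curve(SAMPLE_P256, sizeof SAMPLE_P256);
    printf("signer key curve: %s\n", c ? c : "not an accepted named curve");
    return 0;
}
```

The bytes to pass in are the AlgorithmIdentifier inside the signer certificate's SubjectPublicKeyInfo, and only after the signature itself has been verified with that key.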
