On 2/3/2013 3:59 PM, Stefan Schindler wrote:
Good evening everybody I'm setting up 3 servers for mobile clients. Because the data is allways very small, i think the curve sect571r1 fit's best. I didn't find much helpful documentation on the net, so it would be very cool if you could provide some.
You did not say what you will do with ECC. authentication, signature, key agreement, etc. There are a number of IETF RFCs dealing with ECC in different protocols, as well as NSA and NIST recommendations for how to use ECC. This spells out the key sizes/curves to be used on PIV smart cards: http://csrc.nist.gov/publications/nistpubs/800-78-3/sp800-78-3.pdf You might find it useful.
I created my first keys with these commands: openssl ecparam -out defaultServer-key.pem -name sect571r1 -genkey openssl req -newkey ec:defaultServer-key.pem -x509 -nodes -days 365 -keyout defaultServer-pkey.pem -out defaultServer-cert.pem I will try to setup a CA, so the clients can verify the 3 servers. Documentation would be appreciated too. Regards Stefan
-- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
