From: owner-openssl-us...@openssl.org On Behalf Of mehroz
Sent: Friday, 21 June, 2013 10:45
To: openssl-users@openssl.org
Subject: Any issue in these instruction?
openssl ecparam -name secp160r2 -out CA_CURVE.pem
openssl req -out cacert.pem -new -x509 -keyout cakey.pem -newkey
ec:CA_CURVE.pem -nodes -days 600 -sha1
openssl req -new -out TMPFILE.req -newkey ec:CA_CURVE.pem -keyout
TMPFILE.key -nodes -sha1
openssl x509 -req -CAkey cakey.pem -CA cacert.pem -CAcreateserial -in
TMPFILE.req -out TMPFILE.crt -days 600 -sha1
Any problem here?
That's a very broad question.
If you have a good openssl from the last several years executable
and openssl.cnf readable and curr dir writable, the above should
create a key with that ECC curve and self-signed cert usable as
an ad-hoc CA (subject maybe to extensions?), and another key with
same curve and child cert under that ad-hoc CA, with DNs you
typed (must be distinct and thus can't come from same openssl.cnf),
and extensions as and if configured in openssl.cnf. Also .srl and
leftover .req. If that's what you want, no problem.
Depending on KU that keycert can be used for ECHDE-ECDSA or ECDH(static)
suites with a supporting peer, but in openssl 0.9.8 not by default.
600 days is a rather odd validity period, but not necessarily wrong.
I don't know how ECC dlog analysis is going, or if it is even
the same as integer dlog, but 80-bit strength in general is now
considered too low by many, and as an important example disallowed
for applying (for SSL/TLS presumably signing or agreement)
beginning next year for US government use by NIST SP800-57 rev3.
As far as I know NIST doesn't prohibit products from supporting
disallowed strengths any more than it does unapproved algorithms,
although it probably discourages *defaulting* to them.
Last I tested, Windows/IE Firefox and Chrome ECC implementations did not
offer prime curves 256, and didn't handle p160k1 cert (the one I tried).
For that matter NIST also disallows SHA-1 as a signature hash
beginning next year, nominally including certs although CA has
enough control over cert-TBS to mitigate collisions, but I see
little sign of public CAs implementing this, whereas they are
doing RSA=2048 as also required (and not doing ECC at all).
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org