Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On 07/20/2011 12:45 PM, Gaglia wrote: ... Feedbacks always appreciated, in case somebody has further investigated the issue :) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On 07/16/2011 07:13 PM, y...@inbox.lv wrote: ... So everybody here seems to agree that steps 1)...7) I listed in the first post are correct, and that the problem in EC management lies in OpenVPN, right? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On 07/16/2011 06:50 AM, y...@inbox.lv wrote: openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt WARNING: can't open config file: /usr/local/ssl/openssl.cnf Error setting context My premise is that we are considering only OpenSSL v 1.0.0. Under this condition, as I wrote in the first post, I do something like: # generate EC private key for curve sect571k1, no point compression # (to enable point compression, use -conv_form compressed ) openssl ecparam -out cakey.pem -name sect571k1 -text -genkey # generate EC certificate with the above private key with SHA512 # (note that the -sha512 arg has no effect if using v0.9.8, it # will use SHA-1 instead) openssl req -out cacert.pem -key cakey.pem -sha512 -x509 -new # check that everything is OK openssl x509 -text -in cacert.pem Certificate: ... *Signature Algorithm: ecdsa-with-SHA512* Issuer: ... Public Key Algorithm: id-ecPublicKey EC Public Key: pub: 02:3A:... ASN1 OID: sect571k1 X509v3 extensions: ... *Signature Algorithm: ecdsa-with-SHA512* 20:89:... -BEGIN CERTIFICATE- MIJ... ... ASd45g== -END CERTIFICATE- Any wrongdoing up to here? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On Sat, Jul 16, 2011, y...@inbox.lv wrote: openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt WARNING: can't open config file: /usr/local/ssl/openssl.cnf Error setting context 5664:error:100C508A:elliptic curve routines:PKEY_EC_CTRL:invalid digest type:.c ryptoecec_pmeth.c:229: AFAIK there is no standard for using ECC with ripemd160. OpenSSL supports SHA1 and SHA2 algorithms with ECC. So if you used -sha256 it should work. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
sha256 worked. (both for dgst and for req) If i understand correctly, ECDSA algorithm only needs hash as a defined length bitstring, so adapting ripemd in place of sha1 should have been easier than sha256 (because ripemd has the same length as sha1, sha256 is longer). Citējot *Dr. Stephen Henson st...@openssl.org [1]*: On Sat, Jul 16, 2011, y...@inbox.lv wrote: openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt WARNING: can't open config file: /usr/local/ssl/openssl.cnf Error setting context 5664:error:100C508A:elliptic curve routines:PKEY_EC_CTRL:invalid digest type:.c ryptoecec_pmeth.c:229: AFAIK there is no standard for using ECC with ripemd160. OpenSSL supports SHA1 and SHA2 algorithms with ECC. So if you used -sha256 it should work. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org -- Tavs bezmaksas pasts Inbox.lv Links: -- [1] mailto:st...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On Thu, Jul 14, 2011 at 3:35 PM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Jul 14, 2011 at 6:22 PM, Kyle Hamilton aerow...@gmail.com wrote: Dismissed or withdrawn? It seems to me Certicom stopped bitting a hand that feeds it. Jeff Looking at the docket, it looks like they reached an agreement to dismiss without prejudice (meaning the suit could be refiled in the future). -Kyle H Verify This Message with Penango.p7s Description: S/MIME Cryptographic Signature
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On 07/15/2011 08:23 AM, Kyle Hamilton wrote: ... Excuse me, I got lost somewhere... Does this mean that it is not possible to use EC crypto with OpenSSL because the algorithms are patented? If so, why OpenSSL does provide support to EC crypto? Sorry, I don't want to start a religion war, but as an EU citizen (and as like as many other humans too, I guess), I find unbelievably absurd the idea of patenting the mathematical description of an algorithm. Let's put it in this way: in the unlikely and deplorable event of an user willing to illegally use patented EC cryptography with OpenSSL for personal use (hence assuming responsibility for any consequence), could he/she use OpenSSL? Is OpenSSL able to handle this kind of crypto? I guess yes, for (as in the first post of the thread) I managed to apparently do a lot of things with the curve of my choice... My question is, apart from legal considerations: did I do something wrong in the certificate generation process? Thanks for any help :) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
Version of ECDSA available in openssl 1.0.0d supports only SHA1. (maybe there are patches, which adds other hash functions, but default build on win32 supports only sha1). ECDH and ECDSA are not guaranteed to use the same curve. At least with s_server curve for ECDSA is specified in certificate, but curve for ECDH is specified by -named_curve argument. Other programs probably use something similar. Last time i searched openvpn forums for anything ECC related, did not found anything (probably bad keywords, but also might be lack of ECC support). Citējot *Kyle Hamilton aerow...@gmail.com [1]*: ECDSA is the elliptical curve (discrete-logarithm-based) variant of DSA, the Digital Signature Algorithm. DSA was developed by the US National Security Agency as a means of creating prime-factorization-based signatures without providing code paths which would permit the encryption of arbitrary data. ANSI X9 has object identifiers for ECDSA with a variety of hashes. 1.2.840.10045.4.3. and then one of the following: 1: ECDSA with SHA-224 2: with SHA-256 3: SHA-384 4: SHA-512 The information on the curve in use is part of subjectPublicKeyInfo: Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (521 bit) pub: 04:00:ef:07:81:ff:79:01:d3:10:a4:42:6b:d5:37: a9:ed:6b:a4:1d:20:8a:20:b6:44:34:09:d9:3d:f0: 69:0f:b2:65:3f:d9:dd:68:72:a7:2b:cd:d4:70:e9: cb:21:dd:05:34:1b:4e:42:0f:65:63:5e:b9:24:a6: 40:f6:cc:22:94:ea:3b:01:7f:65:38:09:33:b0:0d: b3:91:b6:1d:4a:a7:9f:17:2e:56:4d:ff:14:d3:aa: 65:5d:3a:3d:ba:c2:d9:30:30:41:73:14:3e:6e:c7: 01:ae:af:52:b6:cc:31:6d:26:dd:39:dc:60:c8:b9: 07:fb:21:38:ec:75:dc:0f:3b:b7:9d:44:35 Field Type: prime-field Prime: 01:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff A: 01:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:fc B: 51:95:3e:b9:61:8e:1c:9a:1f:92:9a:21:a0:b6:85: 40:ee:a2:da:72:5b:99:b3:15:f3:b8:b4:89:91:8e: f1:09:e1:56:19:39:51:ec:7e:93:7b:16:52:c0:bd: 3b:b1:bf:07:35:73:df:88:3d:2c:34:f1:ef:45:1f: d4:6b:50:3f:00 Generator (uncompressed): 04:00:c6:85:8e:06:b7:04:04:e9:cd:9e:3e:cb:66: 23:95:b4:42:9c:64:81:39:05:3f:b5:21:f8:28:af: 60:6b:4d:3d:ba:a1:4b:5e:77:ef:e7:59:28:fe:1d: c1:27:a2:ff:a8:de:33:48:b3:c1:85:6a:42:9b:f9: 7e:7e:31:c2:e5:bd:66:01:18:39:29:6a:78:9a:3b: c0:04:5c:8a:5f:b4:2c:7d:1b:d9:98:f5:44:49:57: 9b:44:68:17:af:bd:17:27:3e:66:2c:97:ee:72:99: 5e:f4:26:40:c5:50:b9:01:3f:ad:07:61:35:3c:70: 86:a2:72:c2:40:88:be:94:76:9f:d1:66:50 Order: 01:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:fa:51:86:87:83:bf:2f:96:6b:7f:cc:01: 48:f7:09:a5:d0:3b:b5:c9:b8:89:9c:47:ae:bb:6f: b7:1e:91:38:64:09 Cofactor: 1 (0x1) Seed: d0:9e:88:00:29:1c:b8:53:96:cc:67:17:39:32:84: aa:a0:da:64:ba Signature Algorithm: ecdsa-with-SHA256 30:81:87:02:41:7b:7d:88:a9:56:e8:d5:a0:f6:38:e7:85:4c: f5:1c:81:64:de:92:25:37:42:2d:31:cb:8b:af:04:32:7b:d7: 06:19:4a:eb:a9:ca:9d:88:38:11:99:bc:2e:2b:35:e6:69:1c: ca:1c:8c:86:7d:74:bc:dd:96:20:8e:38:01:63:15:8b:02:42: 01:66:42:70:5f:2e:cc:fb:1f:f3:d4:96:54:e9:b7:0a:3b:82: ec:b7:90:45:19:c0:ac:4c:ef:82:3d:77:07:e1:4d:13:81:d3: 12:23:bc:84:4f:9b:ac:55:c4:a1:3b:85:08:5a:2f:ae:ad:45: 3f:5f:da:cd:80:45:c9:79:58:d3:79:a2 The curve in use can be named (reducing the size of the subjectPublicKeyInfo), or it can be specified explicitly (like the above). (I included the hash to show that it is indeed legitimate to have a different hash size. I should note that I didn't generate this with OpenSSL, and I don't know how
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On Fri, Jul 15, 2011, y...@inbox.lv wrote: Version of ECDSA available in openssl 1.0.0d supports only SHA1. (maybe there are patches, which adds other hash functions, but default build on win32 supports only sha1). What makes you think that? OpenSSL 0.9.8 only supports SHA1 with ECDSA in things like certificates but 1.0.0 and later should support other hashes such as SHA256. Can you give an example where 1.0.0 is failing? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On Fri, Jul 15, 2011 at 10:32 AM, Gaglia san...@paranoici.org wrote: On 07/15/2011 08:23 AM, Kyle Hamilton wrote: ... Excuse me, I got lost somewhere... Does this mean that it is not possible to use EC crypto with OpenSSL because the algorithms are patented? If so, why OpenSSL does provide support to EC crypto? EC is considered to be a patent minefield. Some people (RSA Data Security) say that it's possible to implement EC cryptography using different types of algorithms which are not covered by the patents. Other people (Bruce Schneier, US NSA) say that the mechanism itself is patented, not simply specific algorithms for calculation. The US NSA licensed from Certicom the right to sublicense the EC algorithms used in Suite B. My understanding is that OpenSSL received a gift from Sun Microsystems of its EC sublicense from NSA. Let's put it in this way: in the unlikely and deplorable event of an user willing to illegally use patented EC cryptography with OpenSSL for personal use (hence assuming responsibility for any consequence), could he/she use OpenSSL? Is OpenSSL able to handle this kind of crypto? Yes. And, given OpenSSL's EC sublicense gift, the user of OpenSSL (if my understanding is correct, IANAL!) is also licensed. I guess yes, for (as in the first post of the thread) I managed to apparently do a lot of things with the curve of my choice... My question is, apart from legal considerations: did I do something wrong in the certificate generation process? Nobody can know unless you post the certificate in question, or at the least the dump of the x509 structure you have. One thing that might cause a problem is if you enabled EC point compression in your OpenSSL compile, as I don't believe OpenSSL has a license for that. -Kyle H __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On 07/15/2011 05:36 PM, Kyle Hamilton wrote: ... EC is considered to be a patent minefield. Some people (RSA Data Security) say that it's possible to implement EC cryptography using different types of algorithms which are not covered by the patents. Other people (Bruce Schneier, US NSA) say that the mechanism itself is patented, not simply specific algorithms for calculation. I'll make just one comment here: U.S. patent law, at least as applied to software, is a festering cesspool. The US NSA licensed from Certicom the right to sublicense the EC algorithms used in Suite B. My understanding is that OpenSSL received a gift from Sun Microsystems of its EC sublicense from NSA. OpenSSL (in the guise of its corporate manifestation, the OpenSSL Software Foundation), is a direct NSA sublicensee (http://opensslfoundation.com/testing/docs/NSA-PLA.pdf). Note that sublicense only covers some prime field ECC; for the rest of it seek competent legal advice. Also note the license is nontransferrable. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On Fri, Jul 15, 2011 at 5:36 PM, Kyle Hamilton aerow...@gmail.com wrote: On Fri, Jul 15, 2011 at 10:32 AM, Gaglia san...@paranoici.org wrote: On 07/15/2011 08:23 AM, Kyle Hamilton wrote: ... Excuse me, I got lost somewhere... Does this mean that it is not possible to use EC crypto with OpenSSL because the algorithms are patented? If so, why OpenSSL does provide support to EC crypto? EC is considered to be a patent minefield. Some people (RSA Data Security) say that it's possible to implement EC cryptography using different types of algorithms which are not covered by the patents. Consider the source: RSA's strongest competition is ECC and Certicom (or should we say ECC's past competition was RSA?). RSA Data Security managed to implant RSA into DSA with heavy lobbying, but RSA's glory days are behind them or gone. The SecurID scandal is another testament to the fact. I often wonder why open source implementations even care: (1) the implementations are often available through out the world, where US patent law does not apply, (2) for US domestic uses, push the burden of licensing compliance onto the user (or #define out any code found to be offense by *real* lawyers), and (3) most implementors don't have the money to make it worthwhile to litigate. For (3), Certicom most likely won't make a dime, so there's no monetary relief or benefit even if they incur loss or damages. And at best, they will probably be granted an injunction against US distribution. Guess wheat folks will do in that case (what did they do with RSA - download form Australia or Germany or ...). Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt WARNING: can't open config file: /usr/local/ssl/openssl.cnf Error setting context 5664:error:100C508A:elliptic curve routines:PKEY_EC_CTRL:invalid digest type:.c ryptoecec_pmeth.c:229: Also, in documentation on pkeyutl program is mentioned, that ECDSA supports only sha1 http://www.openssl.org/docs/apps/pkeyutl.html# (subsection EC ALGORITHM) Documentation on dgst program did not mention any limitations for choice of hash, there only was said, that sha1 is preferred choice. That EC key used in failed example above is based on secp521r1 and was generated by openssl. Citējot *Dr. Stephen Henson st...@openssl.org [1]*: On Fri, Jul 15, 2011, y...@inbox.lv wrote: Version of ECDSA available in openssl 1.0.0d supports only SHA1. (maybe there are patches, which adds other hash functions, but default build on win32 supports only sha1). What makes you think that? OpenSSL 0.9.8 only supports SHA1 with ECDSA in things like certificates but 1.0.0 and later should support other hashes such as SHA256. Can you give an example where 1.0.0 is failing? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org -- Tavs bezmaksas pasts Inbox.lv Links: -- [1] mailto:st...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
ECDSA is the elliptical curve (discrete-logarithm-based) variant of DSA, the Digital Signature Algorithm. DSA was developed by the US National Security Agency as a means of creating prime-factorization-based signatures without providing code paths which would permit the encryption of arbitrary data. ANSI X9 has object identifiers for ECDSA with a variety of hashes. 1.2.840.10045.4.3. and then one of the following: 1: ECDSA with SHA-224 2: with SHA-256 3: SHA-384 4: SHA-512 The information on the curve in use is part of subjectPublicKeyInfo: Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (521 bit) pub: 04:00:ef:07:81:ff:79:01:d3:10:a4:42:6b:d5:37: a9:ed:6b:a4:1d:20:8a:20:b6:44:34:09:d9:3d:f0: 69:0f:b2:65:3f:d9:dd:68:72:a7:2b:cd:d4:70:e9: cb:21:dd:05:34:1b:4e:42:0f:65:63:5e:b9:24:a6: 40:f6:cc:22:94:ea:3b:01:7f:65:38:09:33:b0:0d: b3:91:b6:1d:4a:a7:9f:17:2e:56:4d:ff:14:d3:aa: 65:5d:3a:3d:ba:c2:d9:30:30:41:73:14:3e:6e:c7: 01:ae:af:52:b6:cc:31:6d:26:dd:39:dc:60:c8:b9: 07:fb:21:38:ec:75:dc:0f:3b:b7:9d:44:35 Field Type: prime-field Prime: 01:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff A: 01:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:fc B: 51:95:3e:b9:61:8e:1c:9a:1f:92:9a:21:a0:b6:85: 40:ee:a2:da:72:5b:99:b3:15:f3:b8:b4:89:91:8e: f1:09:e1:56:19:39:51:ec:7e:93:7b:16:52:c0:bd: 3b:b1:bf:07:35:73:df:88:3d:2c:34:f1:ef:45:1f: d4:6b:50:3f:00 Generator (uncompressed): 04:00:c6:85:8e:06:b7:04:04:e9:cd:9e:3e:cb:66: 23:95:b4:42:9c:64:81:39:05:3f:b5:21:f8:28:af: 60:6b:4d:3d:ba:a1:4b:5e:77:ef:e7:59:28:fe:1d: c1:27:a2:ff:a8:de:33:48:b3:c1:85:6a:42:9b:f9: 7e:7e:31:c2:e5:bd:66:01:18:39:29:6a:78:9a:3b: c0:04:5c:8a:5f:b4:2c:7d:1b:d9:98:f5:44:49:57: 9b:44:68:17:af:bd:17:27:3e:66:2c:97:ee:72:99: 5e:f4:26:40:c5:50:b9:01:3f:ad:07:61:35:3c:70: 86:a2:72:c2:40:88:be:94:76:9f:d1:66:50 Order: 01:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:fa:51:86:87:83:bf:2f:96:6b:7f:cc:01: 48:f7:09:a5:d0:3b:b5:c9:b8:89:9c:47:ae:bb:6f: b7:1e:91:38:64:09 Cofactor: 1 (0x1) Seed: d0:9e:88:00:29:1c:b8:53:96:cc:67:17:39:32:84: aa:a0:da:64:ba Signature Algorithm: ecdsa-with-SHA256 30:81:87:02:41:7b:7d:88:a9:56:e8:d5:a0:f6:38:e7:85:4c: f5:1c:81:64:de:92:25:37:42:2d:31:cb:8b:af:04:32:7b:d7: 06:19:4a:eb:a9:ca:9d:88:38:11:99:bc:2e:2b:35:e6:69:1c: ca:1c:8c:86:7d:74:bc:dd:96:20:8e:38:01:63:15:8b:02:42: 01:66:42:70:5f:2e:cc:fb:1f:f3:d4:96:54:e9:b7:0a:3b:82: ec:b7:90:45:19:c0:ac:4c:ef:82:3d:77:07:e1:4d:13:81:d3: 12:23:bc:84:4f:9b:ac:55:c4:a1:3b:85:08:5a:2f:ae:ad:45: 3f:5f:da:cd:80:45:c9:79:58:d3:79:a2 The curve in use can be named (reducing the size of the subjectPublicKeyInfo), or it can be specified explicitly (like the above). (I included the hash to show that it is indeed legitimate to have a different hash size. I should note that I didn't generate this with OpenSSL, and I don't know how OpenSSL generates the sPKI.) Also, note the large number of 0xff bytes in the prime. These can be eliminated if you're willing to pay Certicom's point compression patent license fee. The patent situation around Elliptical Curve is a bit murky, but (IANAL) I am proceeding as though the narrow interpretation promoted by the RSA Crypto FAQ is correct: the patent situation is the opposite of what was the case for DH and RSA: the algorithm itself is not specifically described in any particular patent, only particular efficient implementations of it -- such as 'an efficient algorithm using only left-shift and add instructions'. The reason why there's murkiness is because everyone who does things is pretty much counseled to avoid looking at the patents -- if the patents are known, then it's evidence of willful
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On Thu, Jul 14, 2011 at 6:22 PM, Kyle Hamilton aerow...@gmail.com wrote: ECDSA is the elliptical curve (discrete-logarithm-based) variant of DSA, the Digital Signature Algorithm. DSA was developed by the US National Security Agency as a means of creating prime-factorization-based signatures without providing code paths which would permit the encryption of arbitrary data. ANSI X9 has object identifiers for ECDSA with a variety of hashes. [SNIP] The patent situation around Elliptical Curve is a bit murky, but (IANAL) I am proceeding as though the narrow interpretation promoted by the RSA Crypto FAQ is correct: the patent situation is the opposite of what was the case for DH and RSA: the algorithm itself is not specifically described in any particular patent, only particular efficient implementations of it -- such as 'an efficient algorithm using only left-shift and add instructions'. The reason why there's murkiness is because everyone who does things is pretty much counseled to avoid looking at the patents -- if the patents are known, then it's evidence of willful (rather than accidental) infringement and any punitive damages for such are tripled. However, Professer Dan J Bernstein says that his prime at 256 bits is unpatented and there's prior art from several years before the Certicom patents were filed -- and there was an infringement lawsuit brought by Certicom against Sony, which was dismissed in 2009. Dismissed or withdrawn? It seems to me Certicom stopped bitting a hand that feeds it. Jeff On Sun, Jul 10, 2011 at 8:27 PM, y...@inbox.lv wrote: When i searched on it, it seemed that ECDH requires specified named curve, and openVPN does not have a means of specifying it. Also, it seems that ECDSA works only with SHA-1 (I also would like to know, why it cannot take any 160 bit hash). I searched about it few weeks ago and relevant messages were few months old. Citējot Gaglia san...@paranoici.org: On 07/05/2011 03:23 PM, Gaglia wrote: I'm trying to make an OpenVPN setup with Elliptic Curves cryptography and SHA-512 on Linux Debian. No idea anybody, really? :( __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On 07/11/2011 05:27 AM, y...@inbox.lv wrote: When i searched on it, it seemed that ECDH requires specified named curve You need to specify the curve's name, like this: openssl ecparam -name sect571k1 but this should only be done in the parameters generation stage, the generated certificates should contain this information by themselves, so I don't think specifying it to OpenVPN should be needed. Also, it seems that ECDSA works only with SHA-1 This has been marked as a bug and it was fixed in the most recent versions of OpenSSL. I've met this issue with OpenSSL 0.9.8x (I don't remember the x), this version is indeed the deafult one for both Debain Squeeze and Ubuntu Natty, so this is quite annoying (I like Debian a lot, but its repos are often too much outdated). As I've written before, I've manually compiled OpenSSL v1.0.0 and I can read the following for my certificate, as expected: openssl x509 -text -in cacert.pem ... Signature Algorithm: ecdsa-with-SHA512 I searched about it few weeks ago and relevant messages were few months old. Same problem here :( it seems that if someone managed to solve the problem, he/she didn't bother to write back the solution. Thanks anyway for the reply, still waiting for further help, I can't believe nobody managed to solve this issue :( __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
On 07/05/2011 03:23 PM, Gaglia wrote: I'm trying to make an OpenVPN setup with Elliptic Curves cryptography and SHA-512 on Linux Debian. No idea anybody, really? :( __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
When i searched on it, it seemed that ECDH requires specified named curve, and openVPN does not have a means of specifying it. Also, it seems that ECDSA works only with SHA-1 (I also would like to know, why it cannot take any 160 bit hash). I searched about it few weeks ago and relevant messages were few months old. Citējot *Gaglia san...@paranoici.org [1]*: On 07/05/2011 03:23 PM, Gaglia wrote: I'm trying to make an OpenVPN setup with Elliptic Curves cryptography and SHA-512 on Linux Debian. No idea anybody, really? :( Links: -- [1] mailto:san...@paranoici.org
