When I read your first message I thought you were unable to use them using OpenSSL.
Yes, the curves you are most likely looking for have been removed as the CSR describes. Tony > On Sep 28, 2021, at 8:32 AM, David Blevins <[email protected]> wrote: > > >> >>> On Sep 28, 2021, at 12:49 AM, David Blevins <[email protected]> wrote: >>> >>>> On Sep 27, 2021, at 3:32 PM, Anthony Scarpino >>>> <[email protected]> wrote: >>> >>> On 9/27/21 2:22 PM, David Blevins wrote: >>>> I've been putting a significant amount of work into compiling a large set >>>> of elliptic curve parameters/names/oids for an open source library and a >>>> related closed source security product we have. We need to be able to >>>> support any of the curves that OpenSSL/LibreSSL support. >>>> The trick is this is currently impossible due to hardcoding in OpenJDK 16. >>>> Though you supply valid parameters via ECParameterSpec, when you attempt >>>> to construct an instance of ECPrivateKey or ECPublicKey you hit code in >>>> sun.security.util.CurveDB that does a "reverse lookup" of sorts to find >>>> the curve name. If it's not a curve CurveDB knows about, you can't use it. >>>> Is there willingness to accept contributions that would remove this >>>> limitation? >>> >>> We haven't heard such issues since native obsolete curves were removed from >>> 16. We are will to take contributions upon review. If you're going to >>> formally contribute the code, you should check out >>> https://openjdk.java.net/contribute/ >> >> Thanks, Tony. >> >> It also appears that of the 60 curves supported only 3 of them can be used >> to sign/verify. Any insight as to why? > > Found my own answer on this second question. > > - https://bugs.openjdk.java.net/browse/JDK-8251547 > > > -David >
