OpenSSL and Elliptic Curve cryptography

OpenSSL and Elliptic Curve cryptography

Bill Merriam
The openssl package is currently built without support for Elliptic
Curve cryptography.  Presumably ECC was at one time patent encumbered.
Does anyone know if that is still the case?

Bill
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Re: OpenSSL and Elliptic Curve cryptography

Marcus Meissner
On Sun, Dec 21, 2014 at 11:31:05AM -0500, Bill Merriam wrote:
> The openssl package is currently built without support for Elliptic
> Curve cryptography.

This is incorrect. What makes you think it is?

Ciao, Marcus

Re: OpenSSL and Elliptic Curve cryptography

Bill Merriam
On Sun, 21 Dec 2014 17:35:00 +0100
Marcus Meissner <[hidden email]> wrote:

> On Sun, Dec 21, 2014 at 11:31:05AM -0500, Bill Merriam wrote:
> > The openssl package is currently built without support for Elliptic
> > Curve cryptography.
>
> This is incorrect. What makes you think it is?
>
> Ciao, Marcus

Thank you, Marcus, for your quick reply.  

You are right.  My statement was incorrect.  I should have said it is
built without support for some of the curves that openssl includes.  I
ran into this trying to run Tribler which uses KEYPAIR_ECC_CURVE =
EC.NID_sect233k1 which our build does not include.  There is a
configuration option "no-ec2m" which may be involved.

On openSUSE 13.2 this command: openssl ecparam -list_curves

Lists these curves:
  secp112r1 : SECG/WTLS curve over a 112 bit prime field
  secp112r2 : SECG curve over a 112 bit prime field
  secp128r1 : SECG curve over a 128 bit prime field
  secp128r2 : SECG curve over a 128 bit prime field
  secp160k1 : SECG curve over a 160 bit prime field
  secp160r1 : SECG curve over a 160 bit prime field
  secp160r2 : SECG/WTLS curve over a 160 bit prime field
  secp192k1 : SECG curve over a 192 bit prime field
  secp224k1 : SECG curve over a 224 bit prime field
  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
  prime192v2: X9.62 curve over a 192 bit prime field
  prime192v3: X9.62 curve over a 192 bit prime field
  prime239v1: X9.62 curve over a 239 bit prime field
  prime239v2: X9.62 curve over a 239 bit prime field
  prime239v3: X9.62 curve over a 239 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls12: WTLS curvs over a 224 bit prime field

On Ubuntu 14.10 Utopic the same command lists these curves:
  secp112r1 : SECG/WTLS curve over a 112 bit prime field
  secp112r2 : SECG curve over a 112 bit prime field
  secp128r1 : SECG curve over a 128 bit prime field
  secp128r2 : SECG curve over a 128 bit prime field
  secp160k1 : SECG curve over a 160 bit prime field
  secp160r1 : SECG curve over a 160 bit prime field
  secp160r2 : SECG/WTLS curve over a 160 bit prime field
  secp192k1 : SECG curve over a 192 bit prime field
  secp224k1 : SECG curve over a 224 bit prime field
  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
  prime192v2: X9.62 curve over a 192 bit prime field
  prime192v3: X9.62 curve over a 192 bit prime field
  prime239v1: X9.62 curve over a 239 bit prime field
  prime239v2: X9.62 curve over a 239 bit prime field
  prime239v3: X9.62 curve over a 239 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  sect113r1 : SECG curve over a 113 bit binary field
  sect113r2 : SECG curve over a 113 bit binary field
  sect131r1 : SECG/WTLS curve over a 131 bit binary field
  sect131r2 : SECG curve over a 131 bit binary field
  sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field
  sect163r1 : SECG curve over a 163 bit binary field
  sect163r2 : NIST/SECG curve over a 163 bit binary field
  sect193r1 : SECG curve over a 193 bit binary field
  sect193r2 : SECG curve over a 193 bit binary field
  sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect239k1 : SECG curve over a 239 bit binary field
  sect283k1 : NIST/SECG curve over a 283 bit binary field
  sect283r1 : NIST/SECG curve over a 283 bit binary field
  sect409k1 : NIST/SECG curve over a 409 bit binary field
  sect409r1 : NIST/SECG curve over a 409 bit binary field
  sect571k1 : NIST/SECG curve over a 571 bit binary field
  sect571r1 : NIST/SECG curve over a 571 bit binary field
  c2pnb163v1: X9.62 curve over a 163 bit binary field
  c2pnb163v2: X9.62 curve over a 163 bit binary field
  c2pnb163v3: X9.62 curve over a 163 bit binary field
  c2pnb176v1: X9.62 curve over a 176 bit binary field
  c2tnb191v1: X9.62 curve over a 191 bit binary field
  c2tnb191v2: X9.62 curve over a 191 bit binary field
  c2tnb191v3: X9.62 curve over a 191 bit binary field
  c2pnb208w1: X9.62 curve over a 208 bit binary field
  c2tnb239v1: X9.62 curve over a 239 bit binary field
  c2tnb239v2: X9.62 curve over a 239 bit binary field
  c2tnb239v3: X9.62 curve over a 239 bit binary field
  c2pnb272w1: X9.62 curve over a 272 bit binary field
  c2pnb304w1: X9.62 curve over a 304 bit binary field
  c2tnb359v1: X9.62 curve over a 359 bit binary field
  c2pnb368w1: X9.62 curve over a 368 bit binary field
  c2tnb431r1: X9.62 curve over a 431 bit binary field
  wap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls12: WTLS curvs over a 224 bit prime field
  Oakley-EC2N-3:
        IPSec/IKE/Oakley curve #3 over a 155 bit binary field.
        Not suitable for ECDSA.
        Questionable extension field!
  Oakley-EC2N-4:
        IPSec/IKE/Oakley curve #4 over a 185 bit binary field.
        Not suitable for ECDSA.
        Questionable extension field!

Can you explain why they have more curves than we do?

Bill

Re: OpenSSL and Elliptic Curve cryptography

Marcus Meissner
On Sun, Dec 21, 2014 at 12:09:20PM -0500, Bill Merriam wrote:

> On Sun, 21 Dec 2014 17:35:00 +0100
> Marcus Meissner <[hidden email]> wrote:
>
> > On Sun, Dec 21, 2014 at 11:31:05AM -0500, Bill Merriam wrote:
> > > The openssl package is currently built without support for Elliptic
> > > Curve cryptography.
> >
> > This is incorrect. What makes you think it is?
> >
> > Ciao, Marcus
>
> Thank you, Marcus, for your quick reply.  
>
> You are right.  My statement was incorrect.  I should have said it is
> built without support for some of the curves that openssl includes.  I
> ran into this trying to run Tribler which uses KEYPAIR_ECC_CURVE =
> EC.NID_sect233k1 which our build does not include.  There is a
> configuration option "no-ec2m" which may be involved.

The "no-ec2m" option is set in our build, correct, so no binary
curves are included by default.

> Can you explain why they have more curves than we do?

You probably know the first rule of talking to the legal department.

Ciao, Marcus
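
A way to check a build for the gap discussed in this thread, as an added example that is not part of the original messages: it parses `openssl ecparam -list_curves` output, classifies each curve by field type, and reports whether a required curve such as sect233k1 is missing. The sample listings are short excerpts constructed from the output quoted above; `parse_curves` and `audit` are hypothetical helper names.

```python
import re
import shutil
import subprocess

# Constructed samples: short excerpts of the two listings quoted in this thread.
NO_EC2M_SAMPLE = """\
  secp256k1 : SECG curve over a 256 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  wap-wsg-idm-ecid-wtls12: WTLS curvs over a 224 bit prime field
"""
FULL_SAMPLE = NO_EC2M_SAMPLE + """\
  sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
  Oakley-EC2N-3:
\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.
\tNot suitable for ECDSA.
"""

ENTRY = re.compile(r"^\s*([A-Za-z0-9-]+)\s*:\s*(.*)$")

def parse_curves(listing):
    """Map curve name -> 'prime' | 'binary' | 'unknown' from -list_curves output."""
    entries, current = {}, None
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if m:                            # a new "name : description" entry
            current = m.group(1)
            entries[current] = m.group(2)
        elif current and line.strip():   # continuation line (Oakley entries)
            entries[current] += " " + line.strip()
    def field(desc):
        return "binary" if "binary field" in desc else "prime" if "prime field" in desc else "unknown"
    return {name: field(desc) for name, desc in entries.items()}

def audit(listing, required):
    """Report which required curves are missing and whether GF(2^m) curves are absent."""
    curves = parse_curves(listing)
    return {
        "missing": sorted(set(required) - set(curves)),
        "binary": sum(1 for f in curves.values() if f == "binary"),
        "no_binary_curves": "binary" not in curves.values(),
    }

if __name__ == "__main__":
    if shutil.which("openssl"):          # audit the local build when openssl is installed
        out = subprocess.run(["openssl", "ecparam", "-list_curves"],
                             capture_output=True, text=True).stdout
    else:
        out = NO_EC2M_SAMPLE
    print(audit(out, ["sect233k1", "prime256v1"]))
```

A listing with no binary-field curves at all is consistent with a "no-ec2m" build, but the listing alone does not prove which configure options were used.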

Re: OpenSSL and Elliptic Curve cryptography

Anton Aylward-2
On 12/21/2014 12:18 PM, Marcus Meissner wrote:

>
> You probably know the first rule of talking to the legal department.


The first rule of dealing with lawyers is never to ask them what to do
or let them tell you what to do.  You tell them what you are going to do
and tell them to do what's necessary to make it happen including any CYA.

It's you that runs the business, not them.  You employ and pay them, not
the other way round.


--
The reasonable man adapts himself to the world; the unreasonable one
persists to adapt the world to himself.  Therefore all progress depends
on the unreasonable man.
    --George Bernard Shaw