> On 26 Jul 2017, at 15:56, SaAtomic <saato...@keemail.me> wrote:
>
> Thanks for the reply.
> I'm still not sure I understand this correctly.
>
> So the length of modulus is the essential part, determining the security of
> the DH, right?

Mostly.

> With ECC, this is defined by the used curves.
> Without ECC, this is determined by the DH parameters (from the .pem file I
> mentioned).
>
> If a server only supported ECDH or ECDHE, the DH parameters (.pem) file
> wouldn't even be needed.

Yes, in that case, you only need an EC key (and also EC parameters to generate this key, of course).

> Is this correct?
>
> Thank you for your help,
> kind regards,
> SaAtomic
>
> ---------
>
> Paul Yang paulyang.inf at gmail.com
>
> Wed Jul 26 07:19:31 UTC 2017
>
> > The ‘key size’ concept is usually referred to the length of modulus. (In
> > public key crypto area)
> >
> > For DH and ECDH, it (the size)’s generated and defined in the
> > ‘parameters’, as you pasted. Parameters are not exactly the final ‘keys’,
> > they are the ‘materials’ to produce keys (both private ones and public
> > ones), either for DH or ECDH. For DH, you generate parameters based on a
> > given length of prime, and this length is what you called ‘key size’ (e.g.
> > 2048), for ECC the parameters are generated based on named curves, such as
> > prime192v1/prime239v1..., in this case, the ‘key size’ is 192/239bit. In
> > both cases, the prime numbers are used as modulus being used while doing DH
> > or EC crypto calculations...
> >
> > If you get either a DH or EC key, you could use the following command of
> > OpenSSL to check the ‘key size’:
> >
> >     openssl pkey -in xyz.key -noout -text
> >
> > check the Private-Key: (xxxx bit) in the output.
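
An added example, not part of the original thread and not OpenSSL code: a Python reader for a `DH PARAMETERS` or `EC PARAMETERS` PEM block that reports the size discussed above (the bit length of the DH modulus, or the field size of the named curve). The function names, the four-entry curve table and both sample inputs are constructed for illustration; the DH sample only exercises the encoding and is not a parameter set to deploy.

```python
import base64
import re

# DER-encoded OID bodies of a few named curves -> (curve name, field size in bits).
NAMED_CURVES = {
    bytes.fromhex("2a8648ce3d030101"): ("prime192v1", 192),
    bytes.fromhex("2a8648ce3d030104"): ("prime239v1", 239),
    bytes.fromhex("2a8648ce3d030107"): ("prime256v1", 256),
    bytes.fromhex("2b81040022"): ("secp384r1", 384),
}

def read_tlv(buf, pos=0):
    """Decode one DER element at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parameter_size(pem):
    """Return (kind, detail, bits) for a DH or EC PARAMETERS PEM block."""
    m = re.search(r"-----BEGIN (DH|EC) PARAMETERS-----(.+?)-----END \1 PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH/EC PARAMETERS block")
    tag, value, _ = read_tlv(base64.b64decode(m.group(2)))
    if m.group(1) == "DH":  # DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, ... }
        ptag, prime, _ = read_tlv(value) if tag == 0x30 else (None, b"", 0)
        if ptag != 0x02:
            raise ValueError("malformed DH parameters")
        # The 0x00 sign-padding byte DER puts before a set high bit adds no bits here.
        return ("DH", "modulus p", int.from_bytes(prime, "big").bit_length())
    if tag != 0x06 or value not in NAMED_CURVES:
        raise ValueError("not a named curve from the table")
    return ("EC",) + NAMED_CURVES[value]

def to_pem(label, der):
    """Wrap DER bytes in PEM armour (used only to build the constructed samples)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed samples: DH modulus 2^521 - 1 with generator 2, and the prime256v1 OID.
SAMPLE_DH = to_pem("DH PARAMETERS", bytes.fromhex("3047" "0242" "01" + "ff" * 65 + "020102"))
SAMPLE_EC = to_pem("EC PARAMETERS", bytes.fromhex("0608" "2a8648ce3d030107"))

if __name__ == "__main__":
    for sample in (SAMPLE_DH, SAMPLE_EC):
        print(parameter_size(sample))
```
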