Re: [openssl-users] Elliptic curves approved or recommended by government

2015-11-13 Thread Salz, Rich
> Is there an up-to-date list of elliptic curves approved or recommended for 
> government use in OpenSSL?

You'll have to look outside OpenSSL for advice like that.

I would suggest looking at the CFRG, part of the IETF basically.  Do a web search 
for curve recommendations.

Good luck.  It's a contentious area.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Elliptic curves approved or recommended by government

2015-11-11 Thread Alex Chen
Thanks for the reply, Jakob.  Is there a mapping from the government's 
elliptic curve names to the names in OpenSSL?
For instance, the API EC_KEY_new_by_curve_name( int nid ) takes an id of 
the EC name where the id can be something like
NID_X9_62_prime256v1, NID_X9_62_prime239v3, etc. that are defined in 
obj_mac.h.
What I would like to know is how the names are related to NIST's 
recommendation list?

Is there a convention?

Thanks

On 11/11/2015 1:08 PM, Jakob Bohm wrote:
> On 11/11/2015 21:02, Alex Chen wrote:
>> I see there is a recommended list by NIST in
>> http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf,
>> but it is very old (1999).
>> Is there an up-to-date list of elliptic curves approved or recommended
>> for government use in OpenSSL?
>>
>> Is NID_X9_62_prime256v1 the strongest?
>
> First of all, it depends on *which government*; NIST is for
> the USA Government only, though some allied countries may have
> copied their decisions.
>
> Secondly, since ca. 1999, the official list has been mostly
> unchanged, namely those that are listed in the official NIST
> standard FIPS 186-2 for use with ECDSA and in NIST Special
> publication SP 800-56A for ECDH.
>
> So far, the public adjustments have been:
>
> 2005: The official Suite B list of ciphers was published and
>       included the P-256 and P-384 bit curves as minimum.
>       Around the same time they made a secret Suite A list of
>       ciphers for stuff more secret than "top secret".
> 2015: NSA announced that they will soon start work on a new
>       list, and that government departments should not waste
>       taxpayers' money doing the upgrade to Suite B just a few
>       years before it becomes obsolete.
>       However for use at this time they recommend P-384 or
>       3072 bit RSA/DH as a good minimum while accepting the
>       next step down (P-256 or 2048 bit RSA/DH) in already
>       built systems.
>       They also recommend the use of pure symmetric key
>       solutions with strong (256 random bits) keys as the best
>       current solution where possible.
>
> The (non-classified) current official advice can be read at
>
> https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded



[openssl-users] Elliptic curves approved or recommended by government

2015-11-11 Thread Alex Chen
I see there is a recommended list by NIST in 
http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf, but 
it is very old (1999).
Is there an up-to-date list of elliptic curves approved or recommended 
for government use in OpenSSL?

Is NID_X9_62_prime256v1 the strongest?

Thanks
Alex


Re: [openssl-users] Elliptic curves approved or recommended by government

2015-11-11 Thread jonetsu
In the NSA page referred above, the p-384 curves are specifically mentioned
for DH.  These would be the ones covered by the Suite B NSA license
sub-licensed to OpenSSL, are they?  Is it possible to build OpenSSL in FIPS
in such a way that only these curves will be used?

Regards.



Re: [openssl-users] Elliptic curves approved or recommended by government

2015-11-11 Thread Jakob Bohm

On 11/11/2015 21:02, Alex Chen wrote:
> I see there is a recommended list by NIST in
> http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf,
> but it is very old (1999).
> Is there an up-to-date list of elliptic curves approved or recommended
> for government use in OpenSSL?
>
> Is NID_X9_62_prime256v1 the strongest?

First of all, it depends on *which government*; NIST is for
the USA Government only, though some allied countries may have
copied their decisions.

Secondly, since ca. 1999, the official list has been mostly
unchanged, namely those that are listed in the official NIST
standard FIPS 186-2 for use with ECDSA and in NIST Special
publication SP 800-56A for ECDH.

So far, the public adjustments have been:

2005: The official Suite B list of ciphers was published and
      included the P-256 and P-384 bit curves as minimum.
      Around the same time they made a secret Suite A list of
      ciphers for stuff more secret than "top secret".
2015: NSA announced that they will soon start work on a new
      list, and that government departments should not waste
      taxpayers' money doing the upgrade to Suite B just a few
      years before it becomes obsolete.
      However for use at this time they recommend P-384 or
      3072 bit RSA/DH as a good minimum while accepting the
      next step down (P-256 or 2048 bit RSA/DH) in already
      built systems.
      They also recommend the use of pure symmetric key
      solutions with strong (256 random bits) keys as the best
      current solution where possible.

The (non-classified) current official advice can be read at

https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Elliptic curves approved or recommended by government

2015-11-11 Thread Matt Caswell


On 11/11/15 20:53, jonetsu wrote:
> In the NSA page referred above, the p-384 curves are specifically mentioned
> for DH.  These would be the ones covered by the Suite B NSA license
> sub-licensed to OpenSSL, are they?  Is it possible to build OpenSSL in FIPS
> in such a way that only these curves will be used?

OpenSSL 1.0.2 has Suite B support. It can be configured via the cipher
list. See SUITEB128, SUITEB128ONLY, SUITEB192 here:

https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

Matt
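
Added example, not part of the original thread and not OpenSSL project code: Python's ssl module hands cipher strings to the linked OpenSSL library, so it can show which TLS 1.2 suites each keyword named above enables and audit a context against them. The function names are hypothetical, and it assumes Python is linked against an OpenSSL build that accepts the Suite B keywords.

```python
import ssl

# Cipher-list keywords named in the message above.
SUITE_B_KEYWORDS = ("SUITEB128", "SUITEB128ONLY", "SUITEB192")

# The two TLS 1.2 suites of the Suite B TLS profile (RFC 6460), OpenSSL names.
SUITE_B_SUITES = {
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
}


def suite_b_context(keyword):
    """Return a server-side SSLContext restricted by one Suite B keyword."""
    if keyword not in SUITE_B_KEYWORDS:
        raise ValueError("not a Suite B keyword: %r" % (keyword,))
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # The cipher list only governs TLS 1.2 and older; OpenSSL 1.1.1+ configures
    # TLS 1.3 suites separately, so pin the protocol version to 1.2.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(keyword)  # raises ssl.SSLError if the library rejects it
    return ctx


def tls12_suites(ctx):
    """Enabled suite names, skipping TLS 1.3 entries get_ciphers() may list."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def is_suite_b_only(ctx):
    """Audit check: every TLS 1.2 suite the context offers is a Suite B suite."""
    names = tls12_suites(ctx)
    return bool(names) and set(names) <= SUITE_B_SUITES


if __name__ == "__main__":
    for kw in SUITE_B_KEYWORDS:
        print(kw, "->", tls12_suites(suite_b_context(kw)))
    default = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    print("default context Suite B only:", is_suite_b_only(default))
```
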