On Jul 26, 2012, at 4:21 PM, Tero Kivinen wrote:
> If that is correct, how does PKIX solve this? I.e. when I have a
> certificate signed by some other certificate using DSA? If my
> reading of RFC5280 is correct there is this signatureAlgorithm ASN.1
> blob in front of the signature itself and that gives all that
> information (including the domain parameters and hash functions etc).
>
> Is my understanding correct?
Yes. If you print out a certificate signed with ECDSA with OpenSSL, it looks
like this:

    MBA:tmp ynir$ openssl x509 -in the_ca_cert.crt -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1 (0x1)
            Signature Algorithm: ecdsa-with-SHA1
            Issuer:
            Validity
                Not Before: Jul 26 17:56:00 2012 GMT
                Not After : Jul 26 17:56:00 2022 GMT
            Subject:
            Subject Public Key Info:
                Public Key Algorithm: id-ecPublicKey
                    Public-Key: (256 bit)
                    pub:
                        04:b9:36:b6:65:ee:65:27:70:f0:f9:16:67:78:53:
                        b8:be:14:29:c5:36:09:a7:3b:0a:f0:0d:59:4d:31:
                        6d:9a:f3:be:fd:bf:e3:6e:0e:39:69:96:c9:d8:ae:
                        74:79:3d:f8:af:b5:5a:65:44:fe:76:c1:8c:52:18:
                        f3:6e:49:43:23
                    ASN1 OID: prime256v1
            X509v3 extensions:
                X509v3 Basic Constraints: critical
                    CA:TRUE
                X509v3 Subject Key Identifier:
                    9B:D6:1D:1A:9B:B8:CE:2D:46:FD:B1:A5:6E:7D:35:E6:05:04:F0:36
                X509v3 Key Usage:
                    Certificate Sign, CRL Sign
                Netscape Cert Type:
                    SSL CA, S/MIME CA, Object Signing CA
                Netscape Comment:
                    xca certificate
        Signature Algorithm: ecdsa-with-SHA1
            30:45:02:20:61:68:e4:5e:9c:47:2d:d6:49:f6:6b:24:cb:43:
            cd:20:2e:c4:5d:bb:1a:45:d9:95:09:6b:89:93:5b:00:d2:cb:
            02:21:00:b9:c4:d3:d4:4a:98:e0:d6:20:45:b2:95:8b:4a:06:
            d5:6b:3d:90:f6:a7:81:be:1f:d0:c5:f1:a8:b5:6a:d0:b9

See the "Signature Algorithm" field before the signature itself? If we dump
the ASN.1 the signature is a sequence of an OID and a bitstring:

    MBA:tmp ynir$ openssl asn1parse -in the_ca_cert.crt -i -dump
        0:d=0  hl=4 l= 351 cons: SEQUENCE
    …
      270:d=1  hl=2 l=   9 cons:  SEQUENCE
      272:d=2  hl=2 l=   7 prim:   OBJECT            :ecdsa-with-SHA1
      281:d=1  hl=2 l=  72 prim:  BIT STRING
          0000 - 00 30 45 02 20 61 68 e4-5e 9c 47 2d d6 49 f6 6b   .0E. ah.^.G-.I.k
          0010 - 24 cb 43 cd 20 2e c4 5d-bb 1a 45 d9 95 09 6b 89   $.C. ..]..E...k.
          0020 - 93 5b 00 d2 cb 02 21 00-b9 c4 d3 d4 4a 98 e0 d6   .[....!.....J...
          0030 - 20 45 b2 95 8b 4a 06 d5-6b 3d 90 f6 a7 81 be 1f    E...J..k=......
          0040 - d0 c5 f1 a8 b5 6a d0 b9-                          .....j..

In IKE we only have the bitstring, so we must infer the OID from something else.
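
The difference described in the message above, as an added example that is not part of the original post: a minimal DER reader run over the last two elements of the certificate. The bytes are rebuilt from the asn1parse dump (the header bytes are the standard DER encoding of the lengths and the ecdsa-with-SHA1 OID shown there); the function names and the one-entry OID table are assumptions made for the illustration.

```python
# Added example; bytes are rebuilt from the asn1parse dump quoted in the message.
OIDS = {"1.2.840.10045.4.1": "ecdsa-with-SHA1"}  # the only OID this message shows

# Offset 270: SEQUENCE(9) { OBJECT(7) }, then offset 281: BIT STRING(72).
CERT_TAIL = bytes.fromhex(
    "30 09 06 07 2a 86 48 ce 3d 04 01 03 48 "
    "00 30 45 02 20 61 68 e4 5e 9c 47 2d d6 49 f6 6b "
    "24 cb 43 cd 20 2e c4 5d bb 1a 45 d9 95 09 6b 89 "
    "93 5b 00 d2 cb 02 21 00 b9 c4 d3 d4 4a 98 e0 d6 "
    "20 45 b2 95 8b 4a 06 d5 6b 3d 90 f6 a7 81 be 1f "
    "d0 c5 f1 a8 b5 6a d0 b9")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode DER OBJECT IDENTIFIER contents into dotted form."""
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends one arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_bitstring_body(bits):
    """Bit string contents alone: yields (r, s), nothing about hash or curve."""
    if bits[0] != 0:
        raise ValueError("unexpected unused bits")
    tag, seq, _ = read_tlv(bits, 1)
    t1, r, nxt = read_tlv(seq)
    t2, s, _ = read_tlv(seq, nxt)
    if (tag, t1, t2) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE of two INTEGERs")
    return int.from_bytes(r, "big"), int.from_bytes(s, "big")

def parse_cert_signature(buf):
    """Certificate case: the AlgorithmIdentifier precedes the bit string."""
    _, alg, nxt = read_tlv(buf)
    _, oid, _ = read_tlv(alg)
    _, bits, _ = read_tlv(buf, nxt)
    oid = decode_oid(oid)
    return OIDS.get(oid, oid), parse_bitstring_body(bits)
```

parse_cert_signature(CERT_TAIL) returns the algorithm name together with (r, s), while parse_bitstring_body on the bit string contents alone returns the same two integers and no indication of which hash produced them.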