On 9/9/2011 2:59 AM, Nikos Mavrogiannopoulos wrote:
> On Fri, Sep 9, 2011 at 9:38 AM, Martin Paljak <mar...@martinpaljak.net> wrote:
>> Hello,
>> Autumn has started (at least in the northern hemisphere) so it is time to
>> pull together the next OpenSC release.
>>   - ECDH support [5]
>
> Out of curiosity, are the ECDH static keys used anywhere?

Yes, they can be used as part of a key agreement scheme, and the agreed-upon
key can be used for encryption.

See:
http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
  Section 6. Key Agreement

The PIV card only supports ECC CDH, with a static key, on the card,
and the public key from the other party.

This is just enough to use more complicated methods, for example to encrypt
e-mail.

http://www.nsa.gov/ia/_files/SuiteB_Implementer_G-113808.pdf
In Table 2, the "computation" "Compute Z by calling ECC CDH
using de,U and Qs,V" and "Compute Z by calling ECC CDH
using ds,V and Qe,U" could be done on two different cards.


OpenSC has made a decision to not support crypto in software, but only in
hardware.
Thus any method that needs ephemeral keys needs to generate them outside
of OpenSC. NSS has that capability.

There is some work going on to get Thunderbird with NSS to use ECDH, so it
can exchange encrypted e-mail with Outlook.


> They remind
> me of the DH static key ciphersuites in TLS that, although they were
> defined, I haven't seen being used in practice (no certificates
> were ever issued with such keys).
>
> regards,
> Nikos
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444