... though I notice that the Security Policy document does not explicitly mention ECDSA in the table of FIPS approved algorithms.
It does mention DSA with 1024-bit keys (but has a confusing footnote which states that "DSA supports a key size of less than 1024 bits except when not in FIPS mode" - is there an extra 'not' in this statement?), but that perhaps doesn't cover ECDSA. Alistair. -----Original Message----- From: Young, Alistair Sent: 23 January 2009 10:13 To: 'openssl-users@openssl.org' Subject: RE: ECDSA signature verification Thank you, Emanuele. We really need to use the FIPS version of OpenSSL, so updating the code isn't a possiblity. However, looking into the source it looks as though all of the functions that we need are there, so hopefully we can get the functionality we require by writing a bit of code ourselves which links to the FIPS library. Regards, Alistair. -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Emanuele Cesena Sent: 23 January 2009 08:24 To: openssl-users@openssl.org Subject: Re: ECDSA signature verification On Mon, 2009-01-19 at 11:22 +0000, Young, Alistair wrote: > * is it possible to define our own curves (rather than using > one of the predefined curves)? > if you want to play with your EC, check crypto/ec/ectest.c if you want to add a new curve to openssl, have a look at crypto/ec/ec_curve.c, crypto/objects/object.txt I opened a thread in openssl-dev: Adding an EC to OpenSSL. > * how configurable is the hashing step? I see that there are > parameters like "-ecdsa-with-SHA1" - can arbitrary hashing > functions be used? > there is only sha1. You have to add more EVP, I think... OpenSSL 0.9.9 is required for public-key EVP. > * where can I find some good (= simple!) documentation on using > OpenSSL for this task. I've not had much luck finding anything > relevant in the man page. > source code? ECDSA has also doxygen comments :-) bye! -- Emanuele Cesena <emanuele.ces...@gmail.com> http://ecesena.dyndns.org Il corpo non ha ideali ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org Please help Logica to respect the environment by not printing this email / Merci d'aider Logica à préserver l'environnement en évitant d'imprimer ce mail / Bitte drucken Sie diese Nachricht nicht aus und helfen Sie so Logica dabei die Umwelt zu schuetzen / Por favor ajude a Logica a respeitar o ambiente não imprimindo este correio electrónico. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
