On Fri, Jul 15, 2011 at 10:32 AM, Gaglia <san...@paranoici.org> wrote: > On 07/15/2011 08:23 AM, Kyle Hamilton wrote: >> ... > > Excuse me, I got lost somewhere... Does this mean that it is not > possible to use EC crypto with OpenSSL because the algorithms are > patented? If so, why OpenSSL does provide support to EC crypto?
EC is considered to be a patent minefield. Some people (RSA Data Security) say that it's possible to implement EC cryptography using different types of algorithms which are not covered by the patents. Other people (Bruce Schneier, US NSA) say that the mechanism itself is patented, not simply specific algorithms for calculation. The US NSA licensed from Certicom the right to sublicense the EC algorithms used in "Suite B". My understanding is that OpenSSL received a gift from Sun Microsystems of its EC sublicense from NSA. > Let's put it in this way: in the unlikely and deplorable event of an > user willing to illegally use patented EC cryptography with OpenSSL for > personal use (hence assuming responsibility for any consequence), could > he/she use OpenSSL? Is OpenSSL able to handle this kind of crypto? Yes. And, given OpenSSL's EC sublicense gift, the user of OpenSSL (if my understanding is correct, IANAL!) is also licensed. > I > guess yes, for (as in the first post of the thread) I managed to > apparently do a lot of things with the curve of my choice... My question > is, apart from legal considerations: did I do something wrong in the > certificate generation process? Nobody can know unless you post the certificate in question, or at the least the dump of the x509 structure you have. One thing that might cause a problem is if you enabled EC point compression in your OpenSSL compile, as I don't believe OpenSSL has a license for that. -Kyle H ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
