> From: [email protected] On Behalf Of mehroz > Sent: Friday, 21 June, 2013 10:45 > To: [email protected] > Subject: Any issue in these instruction? > > openssl ecparam -name secp160r2 -out CA_CURVE.pem > > openssl req -out cacert.pem -new -x509 -keyout cakey.pem -newkey > ec:CA_CURVE.pem -nodes -days 600 -sha1 > > openssl req -new -out TMPFILE.req -newkey ec:CA_CURVE.pem -keyout > TMPFILE.key -nodes -sha1 > > openssl x509 -req -CAkey cakey.pem -CA cacert.pem -CAcreateserial -in > TMPFILE.req -out TMPFILE.crt -days 600 -sha1 > > Any problem here? > That's a very broad question.
If you have a good openssl from the last several years executable and openssl.cnf readable and curr dir writable, the above should create a key with that ECC curve and self-signed cert usable as an ad-hoc CA (subject maybe to extensions?), and another key with same curve and "child" cert under that ad-hoc CA, with DNs you typed (must be distinct and thus can't come from same openssl.cnf), and extensions as and if configured in openssl.cnf. Also .srl and leftover .req. If that's what you want, no problem. Depending on KU that key&cert can be used for ECHDE-ECDSA or ECDH(static) suites with a supporting peer, but in openssl 0.9.8 not by default. 600 days is a rather odd validity period, but not necessarily wrong. I don't know how ECC dlog analysis is going, or if it is even the same as integer dlog, but 80-bit strength in general is now considered too low by many, and as an important example disallowed for "applying" (for SSL/TLS presumably signing or agreement) beginning next year for US government use by NIST SP800-57 rev3. As far as I know NIST doesn't prohibit products from supporting disallowed strengths any more than it does unapproved algorithms, although it probably discourages *defaulting* to them. Last I tested, Windows/IE Firefox and Chrome ECC implementations did not offer prime curves <256, and didn't handle p160k1 cert (the one I tried). For that matter NIST also disallows SHA-1 as a signature hash beginning next year, nominally including certs although CA has enough control over cert-TBS to mitigate collisions, but I see little sign of public CAs implementing this, whereas they are doing RSA>=2048 as also required (and not doing ECC at all). ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
