Re: ECDSA signature verification

2009-01-23 Thread Emanuele Cesena
On Mon, 2009-01-19 at 11:22 +, Young, Alistair wrote:
> * is it possible to define our own curves (rather than using
>   one of the predefined curves)?

if you want to play with your EC, check crypto/ec/ectest.c
if you want to add a new curve to openssl, have a look at
crypto/ec/ec_curve.c, crypto/objects/object.txt

I opened a thread in openssl-dev: Adding an EC to OpenSSL.

> * how configurable is the hashing step?  I see that there are
>   parameters like -ecdsa-with-SHA1 - can arbitrary hashing
>   functions be used?

there is only sha1. You have to add more EVP, I think...
OpenSSL 0.9.9 is required for public-key EVP.

> * where can I find some good (= simple!) documentation on using
>   OpenSSL for this task.  I've not had much luck finding anything
>   relevant in the man page.

source code? ECDSA has also doxygen comments :-)

bye!
-- 
Emanuele Cesena emanuele.ces...@gmail.com
http://ecesena.dyndns.org

The body has no ideals

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


RE: ECDSA signature verification

2009-01-23 Thread Young, Alistair
Thank you, Emanuele.

We really need to use the FIPS version of OpenSSL, so updating the code
isn't a possibility.

However, looking into the source it looks as though all of the functions
that we need are there, so hopefully we can get the functionality we
require by writing a bit of code ourselves which links to the FIPS
library.

Regards,


Alistair. 


Please help Logica to respect the environment by not printing this email  /  
Merci d'aider Logica à préserver l'environnement en évitant d'imprimer ce mail 
/  Bitte drucken Sie diese Nachricht nicht aus und helfen Sie so Logica dabei 
die Umwelt zu schuetzen  /  Por favor ajude a Logica a respeitar o ambiente não 
imprimindo este correio electrónico.



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.




RE: ECDSA signature verification

2009-01-23 Thread Young, Alistair
... though I notice that the Security Policy document does not
explicitly mention ECDSA in the table of FIPS approved algorithms.

It does mention DSA with 1024-bit keys (but has a confusing footnote
which states that DSA supports a key size of less than 1024 bits except
when not in FIPS mode - is there an extra 'not' in this statement?),
but that perhaps doesn't cover ECDSA.


Alistair.



RE: ECDSA signature verification

2009-01-23 Thread Emanuele Cesena
On Fri, 2009-01-23 at 10:13 +, Young, Alistair wrote:
> We really need to use the FIPS version of OpenSSL, so updating the code
> isn't a possibility.
 
ah ok, so maybe you can just skip EVP.

bye!
-- 
Emanuele Cesena emanuele.ces...@gmail.com
http://ecesena.dyndns.org

The body has no ideals



Re: ECDSA signature verification

2009-01-23 Thread Dr. Stephen Henson
On Fri, Jan 23, 2009, Young, Alistair wrote:

> ... though I notice that the Security Policy document does not
> explicitly mention ECDSA in the table of FIPS approved algorithms.
>
> It does mention DSA with 1024-bit keys (but has a confusing footnote
> which states that DSA supports a key size of less than 1024 bits except
> when not in FIPS mode - is there an extra 'not' in this statement?),
> but that perhaps doesn't cover ECDSA.
 

That is correct, ECDSA is not an approved algorithm in FIPS mode.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk


RE: ECDSA signature verification

2009-01-23 Thread Young, Alistair
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: 23 January 2009 13:07
To: openssl-users@openssl.org
Subject: Re: ECDSA signature verification

> On Fri, Jan 23, 2009, Young, Alistair wrote:
>
> > ... though I notice that the Security Policy document does not
> > explicitly mention ECDSA in the table of FIPS approved algorithms.
> >
> > It does mention DSA with 1024-bit keys (but has a confusing footnote
> > which states that DSA supports a key size of less than 1024 bits
> > except when not in FIPS mode - is there an extra 'not' in this
> > statement?), but that perhaps doesn't cover ECDSA.
>
> That is correct, ECDSA is not an approved algorithm in FIPS mode.
>
> Steve.

Thanks for confirming this for me, Steve.

Off the top of your head, are you aware of any ECDSA implementations
which have been FIPS validated?


Alistair.



ECDSA signature verification

2009-01-19 Thread Young, Alistair
Hi,

I'm new to OpenSSL, having just installed openssl-fips-1.2.  I'm looking
for some guidance in how to use OpenSSL (from the command line) to
verify ECDSA signatures.

In particular, I have the following questions:

 * is it possible to define our own curves (rather than using
   one of the predefined curves)?
 * how configurable is the hashing step?  I see that there are
   parameters like -ecdsa-with-SHA1 - can arbitrary hashing
   functions be used?
 * where can I find some good (= simple!) documentation on using
   OpenSSL for this task.  I've not had much luck finding anything
   relevant in the man page.
 
Apologies for any dumb questions there - thanks in advance for any
assistance!


Alistair.
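
As an added example that is not part of the original thread: the command-line sign and verify flow the question asks about, showing that verification only succeeds when the verifier applies the same digest the signer used. It assumes a current `openssl` binary on PATH rather than the openssl-fips-1.2 build discussed in the thread; the key, message, file names and helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a current `openssl` binary
# on PATH; the key, message and file names are constructed.

# Create a throwaway P-256 key pair and a sample message in directory $1.
ecdsa_setup() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key.pem" 2>/dev/null &&
    openssl ec -in "$1/key.pem" -pubout -out "$1/pub.pem" 2>/dev/null &&
    printf 'constructed sample message\n' > "$1/msg.txt"
}

# Sign file $3 with private key $2 using digest $1; DER signature goes to $4.
ecdsa_sign() {
    openssl dgst "-$1" -sign "$2" -out "$4" "$3"
}

# Verify signature $4 over file $3 with public key $2 and digest $1.
# Succeeds only if openssl prints "Verified OK".
ecdsa_verify() {
    openssl dgst "-$1" -verify "$2" -signature "$4" "$3" 2>/dev/null |
        grep -q 'Verified OK'
}

# Print "ok" or "fail" for one verification attempt.
verdict() { if ecdsa_verify "$@"; then echo ok; else echo fail; fi; }

# Sign once with SHA-256, then verify three ways; prints one summary line.
ecdsa_demo() {
    d=$(mktemp -d) || return 1
    ecdsa_setup "$d" && ecdsa_sign sha256 "$d/key.pem" "$d/msg.txt" "$d/sig.der" ||
        { rm -rf "$d"; return 1; }
    # Constructed tampered copy: the original message plus one extra byte.
    { cat "$d/msg.txt"; printf 'x'; } > "$d/tampered.txt"
    echo "same-digest=$(verdict sha256 "$d/pub.pem" "$d/msg.txt" "$d/sig.der")" \
         "other-digest=$(verdict sha1 "$d/pub.pem" "$d/msg.txt" "$d/sig.der")" \
         "tampered=$(verdict sha256 "$d/pub.pem" "$d/tampered.txt" "$d/sig.der")"
    rm -rf "$d"
}

ecdsa_demo
```

The check greps for `Verified OK` instead of relying on the exit status alone, so an error from `openssl` (for example a digest rejected by local policy) is also treated as a failed verification.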
