Difference between revisions of "Signing"
From MgmtWiki
(→References) |
m (→Solutions) |
||
| (10 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
==Solutions== | ==Solutions== | ||
| − | + | * RSA signing with 3072 bit keys is good enough for TOP SECRET on 2015-08-19, but might not be included in post-quantum cryptography suites. | |
| − | Curves Supported by OpenSSL can be discovered by keying (there will typically be many more that shown here) | + | * See the wiki page [[Quantum Computing Threat]] for current status on post-quantum [[Cryptography]]. |
| + | * Curves Supported by [[OpenSSL]] can be discovered by keying (there will typically be many more that shown here) | ||
openssl ecparam -list_curves | openssl ecparam -list_curves | ||
{|border="1" padding="2" width="799px" | {|border="1" padding="2" width="799px" | ||
| − | | IETF name || NIST name|| SSL|| Description | + | | IETF name || NIST name|| W3C name || SSL|| Description |
| + | |- | ||
| + | | secp256k1|| || EcdsaSecp256k1Signature2019|| default || Koblitz curve 256 bit SEC | ||
|- | |- | ||
| − | | | + | | secp256r1||P-256 || EcdsaSecp256r1Signature2019||default || random curve 256 bit SEC [https://www.nsa.gov/ia/programs/suiteb_cryptography/ SUITE B] |
|- | |- | ||
| − | | | + | | secp384r1|| P-384|| ||default ||random curve 386 bit SEC [https://www.nsa.gov/ia/programs/suiteb_cryptography/ SUITE B] -OK for TOP SECRET |
|- | |- | ||
| − | | | + | | secp521r1|| P-521|| || default ||random curve 521 bit SEC - not worth the extra work |
|- | |- | ||
| − | | | + | | || ||Ed25519Signature2018 || |
|- | |- | ||
| − | | sect283r1|| || ||Weierstrass curve 283-bit | + | | sect283r1|| || || ||Weierstrass curve 283-bit |
|- | |- | ||
| − | | brainpoolP256r1|| || default | + | | brainpoolP256r1|| || || default || |
|- | |- | ||
| − | | brainpoolP384r1|| || default | + | | brainpoolP384r1|| |||| default || |
|- | |- | ||
| − | | brainpoolP521r1|| || default | + | | brainpoolP521r1|| |||| default || |
|- | |- | ||
| − | | brainpoolP256t1|| || || | + | | brainpoolP256t1|| || || || |
|} | |} | ||
| Line 33: | Line 36: | ||
* [http://www.secg.org/sec2-v2.pdf Standards for Efficient Cryptography SEC 2: Recommended Elliptic Curve Domain Parameters] | * [http://www.secg.org/sec2-v2.pdf Standards for Efficient Cryptography SEC 2: Recommended Elliptic Curve Domain Parameters] | ||
* [https://www.ibm.com/docs/en/mq-appliance/9.0?topic=commands-curves IBM MQ SSL curves supported] | * [https://www.ibm.com/docs/en/mq-appliance/9.0?topic=commands-curves IBM MQ SSL curves supported] | ||
| − | * On 2022-08-19 the NSA [https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm Commercial National Security Algorithm Suite] | + | * On 2022-08-19 the NSA [https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm Commercial National Security Algorithm Suite] replaced SUITE B |
| + | [[Category: Glossary]] | ||
[[Category: Cryptography]] | [[Category: Cryptography]] | ||
Latest revision as of 11:50, 8 March 2023
Full Title or Meme
A signature on a digital document is designed to show that the document has not be altered and the identity of the key used to make the signature.
Solutions
- RSA signing with 3072 bit keys is good enough for TOP SECRET on 2015-08-19, but might not be included in post-quantum cryptography suites.
- See the wiki page Quantum Computing Threat for current status on post-quantum Cryptography.
- Curves Supported by OpenSSL can be discovered by keying (there will typically be many more that shown here)
openssl ecparam -list_curves
| IETF name | NIST name | W3C name | SSL | Description |
| secp256k1 | EcdsaSecp256k1Signature2019 | default | Koblitz curve 256 bit SEC | |
| secp256r1 | P-256 | EcdsaSecp256r1Signature2019 | default | random curve 256 bit SEC SUITE B |
| secp384r1 | P-384 | default | random curve 386 bit SEC SUITE B -OK for TOP SECRET | |
| secp521r1 | P-521 | default | random curve 521 bit SEC - not worth the extra work | |
| Ed25519Signature2018 | ||||
| sect283r1 | Weierstrass curve 283-bit | |||
| brainpoolP256r1 | default | |||
| brainpoolP384r1 | default | |||
| brainpoolP521r1 | default | |||
| brainpoolP256t1 |
References
- Standards for Efficient Cryptography SEC 2: Recommended Elliptic Curve Domain Parameters
- IBM MQ SSL curves supported
- On 2022-08-19 the NSA Commercial National Security Algorithm Suite replaced SUITE B
