Difference between revisions of "Signing"

From MgmtWiki
Jump to: navigation, search
(Solutions)
m (Solutions)
 
Line 5: Line 5:
 
* RSA signing with 3072 bit keys is good enough for TOP SECRET on 2015-08-19, but might not be included in post-quantum cryptography suites.
 
* RSA signing with 3072 bit keys is good enough for TOP SECRET on 2015-08-19, but might not be included in post-quantum cryptography suites.
 
* See the wiki page [[Quantum Computing Threat]] for current status on post-quantum [[Cryptography]].
 
* See the wiki page [[Quantum Computing Threat]] for current status on post-quantum [[Cryptography]].
* Curves Supported by OpenSSL can be discovered by keying (there will typically be many more that shown here)
+
* Curves Supported by [[OpenSSL]] can be discovered by keying (there will typically be many more that shown here)
 
  openssl ecparam -list_curves
 
  openssl ecparam -list_curves
  

Latest revision as of 11:50, 8 March 2023

Full Title or Meme

A signature on a digital document is designed to show that the document has not be altered and the identity of the key used to make the signature.

Solutions

  • RSA signing with 3072 bit keys is good enough for TOP SECRET on 2015-08-19, but might not be included in post-quantum cryptography suites.
  • See the wiki page Quantum Computing Threat for current status on post-quantum Cryptography.
  • Curves Supported by OpenSSL can be discovered by keying (there will typically be many more that shown here)
openssl ecparam -list_curves


IETF name NIST name W3C name SSL Description
secp256k1 EcdsaSecp256k1Signature2019 default Koblitz curve 256 bit SEC
secp256r1 P-256 EcdsaSecp256r1Signature2019 default random curve 256 bit SEC SUITE B
secp384r1 P-384 default random curve 386 bit SEC SUITE B -OK for TOP SECRET
secp521r1 P-521 default random curve 521 bit SEC - not worth the extra work
Ed25519Signature2018
sect283r1 Weierstrass curve 283-bit
brainpoolP256r1 default
brainpoolP384r1 default
brainpoolP521r1 default
brainpoolP256t1

References