Difference between revisions of "Signing"

Revision as of 14:05, 30 July 2022

A signature on a digital document is designed to show that the document has not be altered and the identity of the key used to make the signature.

RSA signing with 3072 bit keys is good enough for TOP SECRET on 2015-08-19, but might not be included in post-quantum cryptography suites.
See the wiki page Quantum Computing Threat for current status on post-quantum Cryptography.
Curves Supported by OpenSSL can be discovered by keying (there will typically be many more that shown here)

openssl ecparam -list_curves

IETF name	NIST name	W3C name	SSL	Description
secp256k1		EcdsaSecp256k1Signature2019	default	Koblitz curve 256 bit SEC
secp256r1	P-256	EcdsaSecp256r1Signature2019	default	random curve 256 bit SEC SUITE B
secp384r1	P-384		default	random curve 386 bit SEC SUITE B -OK for TOP SECRET
secp521r1	P-521		default	random curve 521 bit SEC - not worth the extra work
		Ed25519Signature2018
sect283r1				Weierstrass curve 283-bit
brainpoolP256r1			default
brainpoolP384r1			default
brainpoolP521r1			default
brainpoolP256t1

@@ Line 3: / Line 3: @@
 ==Solutions==
-* RSA signing with 3072 bit keys is good enough for TOP SECRET om 2015-08-19, but might not be included in post-quantum cryptography suites.
+* RSA signing with 3072 bit keys is good enough for TOP SECRET on 2015-08-19, but might not be included in post-quantum cryptography suites.
 * See the wiki page [[Quantum Computing Threat]] for current status on post-quantum [[Cryptography]].
 * Curves Supported by OpenSSL can be discovered by keying (there will typically be many more that shown here)