Difference between revisions of "Signing"
From MgmtWiki
(→Solutions) |
(→References) |
||
| Line 36: | Line 36: | ||
* On 2022-08-19 the NSA [https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm Commercial National Security Algorithm Suite] replaced SUITE B | * On 2022-08-19 the NSA [https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm Commercial National Security Algorithm Suite] replaced SUITE B | ||
| + | [[Category: Glossary]] | ||
[[Category: Cryptography]] | [[Category: Cryptography]] | ||
Revision as of 11:38, 30 July 2022
Full Title or Meme
A signature on a digital document is designed to show that the document has not be altered and the identity of the key used to make the signature.
Solutions
- RSA signing with 3072 bit keys is good enough for TOP SECRET om 2015-08-19, but might not be included in post-quantum cryptography suites.
- See the wiki page Quantum Computing Threat for current status on post-quantum Cryptography.
- Curves Supported by OpenSSL can be discovered by keying (there will typically be many more that shown here)
openssl ecparam -list_curves
| IETF name | NIST name | SSL | Description |
| secp256k1 | default | Koblitz curve 256 bit SEC | |
| secp256r1 | P-256 | default | random curve 256 bit SEC SUITE B |
| secp384r1 | P-384 | default | random curve 386 bit SEC SUITE B -OK for TOP SECRET |
| secp521r1 | P-521 | default | random curve 521 bit SEC - not worth the extra work |
| sect283r1 | Weierstrass curve 283-bit | ||
| brainpoolP256r1 | default | ||
| brainpoolP384r1 | default | ||
| brainpoolP521r1 | default | ||
| brainpoolP256t1 |
References
- Standards for Efficient Cryptography SEC 2: Recommended Elliptic Curve Domain Parameters
- IBM MQ SSL curves supported
- On 2022-08-19 the NSA Commercial National Security Algorithm Suite replaced SUITE B
