Difference between revisions of "Signing"

From MgmtWiki
(References)
(Solutions)
Line 10: Line 10:
  
 
{|border="1" padding="2" width="799px"
 
{|border="1" padding="2" width="799px"
| IETF name || NIST name|| SSL||  Description  
+
| IETF name || NIST name|| W3C name || SSL||  Description  
 
|-
 
|-
| secp256k1|| || default || Koblitz curve 256 bit SEC
+
| secp256k1|| || default || || Koblitz curve 256 bit SEC
 
|-
 
|-
| secp256r1||P-256 ||default  || random curve 256 bit SEC [https://www.nsa.gov/ia/programs/suiteb_cryptography/ SUITE B]
+
| secp256r1||P-256 ||EcdsaSecp256k1Signature2019||default  || random curve 256 bit SEC [https://www.nsa.gov/ia/programs/suiteb_cryptography/ SUITE B]
 
|-
 
|-
| secp384r1|| P-384|| default || random curve 386 bit SEC [https://www.nsa.gov/ia/programs/suiteb_cryptography/ SUITE B] -OK for TOP SECRET
+
| secp384r1|| P-384|| default ||  ||random curve 386 bit SEC [https://www.nsa.gov/ia/programs/suiteb_cryptography/ SUITE B] -OK for TOP SECRET
 
|-
 
|-
| secp521r1|| P-521|| default || random curve 521 bit SEC - not worth the extra work
+
| secp521r1|| P-521|| default || || random curve 521 bit SEC - not worth the extra work
 
|-
 
|-
| sect283r1||  ||  ||Weierstrass curve 283-bit
+
| sect283r1||  || ||  ||Weierstrass curve 283-bit ||
 
|-
 
|-
| brainpoolP256r1|| || default
+
| brainpoolP256r1||  || || default ||
 
|-
 
|-
| brainpoolP384r1|| || default
+
| brainpoolP384r1||  |||| default ||
 
|-
 
|-
| brainpoolP521r1|| || default
+
| brainpoolP521r1||  |||| default ||
 
|-
 
|-
| brainpoolP256t1||  || ||  
+
| brainpoolP256t1||  || ||  ||
 
|}
 
|}
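Review bot: the new W3C name cell EcdsaSecp256k1Signature2019 sits on the secp256r1 / P-256 row, but the suite name itself refers to secp256k1, so it looks like it belongs on the secp256k1 row; please confirm and move it. The empty cell for the new column was also added after "default" rather than before it on the secp256k1, secp384r1 and secp521r1 rows, which shifts "default" under W3C name and leaves SSL empty, whereas the brainpool rows put the empty cell in the right place. The sect283r1 row now ends with a trailing || that creates a sixth cell, and "386 bit" on the secp384r1 row should presumably read 384.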
  

Revision as of 12:56, 30 July 2022

Full Title or Meme

A signature on a digital document is designed to show that the document has not been altered and to identify the key used to make the signature.

Solutions

  • RSA signing with 3072 bit keys is good enough for TOP SECRET as of 2015-08-19, but might not be included in post-quantum cryptography suites.
  • See the wiki page Quantum Computing Threat for current status on post-quantum cryptography.
  • The curves supported by OpenSSL can be listed by entering the following command (there will typically be many more than shown here):
openssl ecparam -list_curves


{|border="1" padding="2" width="799px"
| IETF name || NIST name || W3C name || SSL || Description
|-
| secp256k1 || || || default || Koblitz curve 256 bit SEC
|-
| secp256r1 || P-256 || EcdsaSecp256k1Signature2019 || default || random curve 256 bit SEC SUITE B
|-
| secp384r1 || P-384 || || default || random curve 386 bit SEC SUITE B - OK for TOP SECRET
|-
| secp521r1 || P-521 || || default || random curve 521 bit SEC - not worth the extra work
|-
| sect283r1 || || || || Weierstrass curve 283-bit
|-
| brainpoolP256r1 || || || default ||
|-
| brainpoolP384r1 || || || default ||
|-
| brainpoolP521r1 || || || default ||
|-
| brainpoolP256t1 || || || ||
|}
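As an added example (not part of the original wiki page), the script below reads the output of the command above and reports which curves from the table a given OpenSSL build offers. OpenSSL lists secp256r1 (P-256) under its X9.62 name prime256v1, so a plain search for the IETF name misses it. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check which curves from the table an OpenSSL build supports.

# IETF names taken from the table on this page.
TABLE_CURVES="secp256k1 secp256r1 secp384r1 secp521r1 sect283r1 brainpoolP256r1 brainpoolP384r1 brainpoolP521r1 brainpoolP256t1"

# openssl_name CURVE: print the name OpenSSL uses for that curve.
# secp256r1 (NIST P-256) appears in the listing as prime256v1.
openssl_name() {
    case "$1" in
        secp256r1) echo prime256v1 ;;
        *)         echo "$1" ;;
    esac
}

# check_curves: read `openssl ecparam -list_curves` output on stdin and print
# one line per table curve in the form "<ietf-name> <openssl-name> yes|no".
check_curves() {
    # Keep only the curve names, i.e. the token before the first colon.
    # Indented description lines without a "name:" prefix are skipped.
    listed=$(sed -n 's/^[[:space:]]*\([A-Za-z0-9_-]*\)[[:space:]]*:.*/\1/p')
    for c in $TABLE_CURVES; do
        n=$(openssl_name "$c")
        if printf '%s\n' "$listed" | grep -Fqx "$n"; then
            echo "$c $n yes"
        else
            echo "$c $n no"
        fi
    done
}

# Constructed sample in the listing's format (not captured from a real build).
sample_listing() {
cat <<'EOF'
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
EOF
}

# Against a live build: openssl ecparam -list_curves | check_curves
sample_listing | check_curves
```

A "no" for a curve means a key or signature using it cannot be generated or verified with that build, which is worth knowing before choosing a curve for signing.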

References