# Difference between revisions of "Signing"

From MgmtWiki

(→Solutions) |
(→Solutions) |
||

Line 16: | Line 16: | ||

| secp256r1||P-256 ||EcdsaSecp256k1Signature2019||default || random curve 256 bit SEC [https://www.nsa.gov/ia/programs/suiteb_cryptography/ SUITE B] | | secp256r1||P-256 ||EcdsaSecp256k1Signature2019||default || random curve 256 bit SEC [https://www.nsa.gov/ia/programs/suiteb_cryptography/ SUITE B] | ||

|- | |- | ||

− | | secp384r1|| P-384|| EcdsaSecp256r1Signature2019 ||default | + | | secp384r1|| P-384|| EcdsaSecp256r1Signature2019 ||default ||random curve 386 bit SEC [https://www.nsa.gov/ia/programs/suiteb_cryptography/ SUITE B] -OK for TOP SECRET |

|- | |- | ||

| secp521r1|| P-521|| || default ||random curve 521 bit SEC - not worth the extra work | | secp521r1|| P-521|| || default ||random curve 521 bit SEC - not worth the extra work | ||

|- | |- | ||

− | | sect283r1|| || || ||Weierstrass curve 283-bit | + | | || || ||Ed25519Signature2018 |

+ | |- | ||

+ | | sect283r1|| || || ||Weierstrass curve 283-bit | ||

|- | |- | ||

| brainpoolP256r1|| || || default || | | brainpoolP256r1|| || || default || |
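Review bot: the description added to the secp384r1 row says "random curve 386 bit SEC", which contradicts the P-384 name in the same row; it should read 384 bit. The new Ed25519Signature2018 row places the name in the fourth cell, which is the SSL column in the neighbouring rows, while the other W3C names sit in the third cell; remove one empty cell so the name lands in the W3C column. In the unchanged context the W3C names also look shifted down by one row: EcdsaSecp256k1Signature2019 is on the secp256r1 row and EcdsaSecp256r1Signature2019 is on the secp384r1 row, so this edit is a good moment to move them up.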

## Revision as of 14:00, 30 July 2022

## Full Title or Meme

A signature on a digital document is designed to show that the document has not been altered and to identify the key used to make the signature.

## Solutions

- RSA signing with 3072-bit keys is good enough for TOP SECRET on 2015-08-19, but might not be included in post-quantum cryptography suites.
- See the wiki page Quantum Computing Threat for current status on post-quantum cryptography.
- Curves supported by OpenSSL can be discovered by entering the following command (there will typically be many more than shown here):

```
openssl ecparam -list_curves
```

| IETF name | NIST name | W3C name | SSL | Description |
|---|---|---|---|---|
| secp256k1 | | | default | Koblitz curve 256 bit SEC |
| secp256r1 | P-256 | EcdsaSecp256k1Signature2019 | default | random curve 256 bit SEC SUITE B |
| secp384r1 | P-384 | EcdsaSecp256r1Signature2019 | default | random curve 386 bit SEC SUITE B -OK for TOP SECRET |
| secp521r1 | P-521 | | default | random curve 521 bit SEC - not worth the extra work |
| | | | Ed25519Signature2018 | |
| sect283r1 | | | | Weierstrass curve 283-bit |
| brainpoolP256r1 | | | default | |
| brainpoolP384r1 | | | default | |
| brainpoolP521r1 | | | default | |
| brainpoolP256t1 | | | | |
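The two properties named in the definition above (no alteration, identity of the key) can be checked with the same `openssl` tool on the secp384r1 curve from the table. This is an added example, not part of the wiki page; the helper function names, file names and document text are constructed for illustration, and it assumes `openssl` is on the PATH.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki page): ECDSA sign/verify with the openssl CLI.
# Assumptions: openssl is on PATH; file names and document text are constructed.
CURVE=secp384r1   # the P-384 row of the table

# True when this OpenSSL build lists the curve (same command as above).
curve_supported() {
    openssl ecparam -list_curves 2>/dev/null |
        grep -Eq "^[[:space:]]*$1[[:space:]]*:"
}

# make_keys DIR: write DIR/priv.pem and DIR/pub.pem on $CURVE.
make_keys() {
    openssl ecparam -name "$CURVE" -genkey -noout -out "$1/priv.pem" 2>/dev/null &&
        openssl ec -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# sign_doc PRIVKEY FILE: write a detached signature to FILE.sig.
sign_doc() { openssl dgst -sha384 -sign "$1" -out "$2.sig" "$2"; }

# verify_doc PUBKEY FILE: exit 0 only if FILE.sig matches FILE under PUBKEY.
verify_doc() {
    openssl dgst -sha384 -verify "$1" -signature "$2.sig" "$2" >/dev/null 2>&1
}

# sig_status PUBKEY FILE: print "valid" or "rejected".
sig_status() { if verify_doc "$1" "$2"; then echo valid; else echo rejected; fi; }

demo() {
    curve_supported "$CURVE" || { echo "$CURVE not supported" >&2; return 1; }
    a=$(mktemp -d) && b=$(mktemp -d) || return 1
    make_keys "$a" && make_keys "$b" || return 1      # signer's key and an unrelated key
    printf 'Pay Alice 100\n' > "$a/doc.txt"           # constructed document
    sign_doc "$a/priv.pem" "$a/doc.txt" || return 1
    echo "original, signer's key: $(sig_status "$a/pub.pem" "$a/doc.txt")"
    echo "original, other key:    $(sig_status "$b/pub.pem" "$a/doc.txt")"
    printf 'Pay Alice 900\n' > "$a/doc.txt"           # alter after signing
    echo "altered, signer's key:  $(sig_status "$a/pub.pem" "$a/doc.txt")"
    rm -rf "$a" "$b"
}

demo
```

When checking the list for the P-256 row, note that `openssl ecparam -list_curves` shows secp256r1 under the name `prime256v1`.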

## References

- Standards for Efficient Cryptography SEC 2: Recommended Elliptic Curve Domain Parameters
- IBM MQ SSL curves supported
- On 2022-08-19 the NSA Commercial National Security Algorithm Suite replaced SUITE B