Questions tagged [ecc]

ECC stands for Elliptic Curve Cryptography. Elliptic curves are mathematical structures on which cryptographic operations can be defined.

Elliptic Curve Cryptography is used in public-key cryptography and is based on the algebraic structure of elliptic curves over finite fields. The security of ECC depends on the ability to compute a point multiplication and on the intractability of computing the multiplicand given the original and product points.

The benefit of ECC compared to other systems (such as RSA) is a smaller key size, which reduces requirements for storage and transmission. ECC is suitable for digital signatures, key agreement, and pseudo-random generators, among other things. Due to its limited computational requirements, ECC has been used on devices with limited computational power, such as RFID devices.

166 questions
13 votes, 2 answers

How can you check if a private key and certificate match in OpenSSL with ECDSA?

I know how to do this with RSA keys (see this article: Determine if private key belongs to certificate?) however I do not know how to do this for ECDSA certificate / key pairs. With RSA keys, the modulus can be used for this. However I'm not sure…
Jeff
13 votes, 2 answers

Can custom elliptic curves be used in common TLS implementations?

Recent developments have cast some doubt on the elliptic curves specified by NIST and used in many standards like TLS (for signatures with ECDSA and key agreement with ECDHE). It seems like the standard allows for custom, server-generated…
lxgr
12 votes, 1 answer

Using ECC for PGP-Master Key in combination with Yubikey

I acquired a Yubikey Neo last month. Now I want to use the Smart-Card functionality for PGP. I followed the official guides on the Yubico website, tested it with 2048 RSA keys and it worked fine. But if I would lose the key I would have a problem,…
Max
12 votes, 1 answer

Which ECC to choose with GPG?

I want to generate a key pair with gpg2 2.1.11 and libgcrypt 1.6.5. I use the command gpg2 --expert --full-key-gen. This allows me to choose an ECC: Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3)…
Zelphir Kaltstahl
11 votes, 0 answers

Strength and length of Symmetric vs Asymmetric keys

There are many questions surrounding the differences between symmetric and asymmetric encryption keys. I think I've read them all at this point. But I'm still left wondering: Why does a "secure" symmetric key only have to be (roughly) 256 bits,…
cslstr
10 votes, 3 answers

Is ECDH for SEC P-384 and P-521 broken in Windows 10 / Windows Server 2016 TP3?

UPDATE: Proof of concept code here, console output shown below and all involved certificates are here. Just noticed that ECDiffieHellmanCng.DeriveKeyMaterial(...) behaves differently on Windows 8.1 Enterprise (x64) and Windows 10 Prof (x64).…
DeepSpace101
9 votes, 1 answer

How does CVE-2020-0601 (ChainOfFools/CurveBall) work to undermine ECC?

What is the recently patched and disclosed Windows 10 OS family Crypt.dll vulnerability CVE-2020-0601, nicknamed ChainOfFools and/or Curveball? I've read up on it and while I understand the basics (deriving an alternative private key from a public…
Nzall
9 votes, 2 answers

SSH key strength factor besides key length (say ed25519 vs rsa-4096)

I am not of the field of IS but I want to secure my humble VPS and I came across a clashing of opinions between 3 IS guys: 2 say that ed25519 ssh keys are a bit more secure than ssh-rsa of 4096 bytes and one says that in our era, there isn't a…
user123574
8 votes, 2 answers

More secure curve than Curve25519

As far as I know, Curve25519 offers "only" a security level equal to a 128-bit symmetric cipher. I'd like to know if there are new (not NIST) curves, which provide a security level comparable to a 256-bit cipher AND already used by some…
K. Biermann
8 votes, 2 answers

ECC based Client Certificate import in Chrome/Mozilla in windows

I have deployed a PKI server and am successfully able to generate the ECC based user or client certificates, but none of the web browsers support ECC as public key. I have tried different tools and also trying to work this with MS CAPI through openssl…
user2709937
7 votes, 1 answer

gpg key size of 4096 and "the future is ECC"

My boss wants to sign our binary. I need to tell him how he can create the signing key. Most if not all sites I have seen about signing binaries say "use gpg". OK, so gpg per default has 2048. Their FAQ…
transient_loop
7 votes, 1 answer

How does MariaDB's ed25519 auth scheme work?

Newer versions of MariaDB (a MySQL database server fork) have a new password based auth scheme called "ed25519". The docs are very sparse regarding how it works and what it does. https://mariadb.com/kb/en/library/authentication-plugin-ed25519/ What…
Z.T.
7 votes, 2 answers

Where can I find a canonical list of elliptic curve names and their aliases?

I recently had a problem where I created an EC client certificate which used the sect571k1 curve and I got some strange errors attempting to use it as a client certificate through Mozilla Firefox. It turns out that Firefox supports secp521r1 but not…
6 votes, 1 answer

openssl ECDHE-RSA... cipher suite selected while using RSA server cert and ECDSA client cert

The scene: s_server using RSA certificate. s_client using ECC-ECDSA certificate. Client authentication is required (option -Verify set on s_server). Cipher-suite selected after handshake is ECDHE-RSA-AES256-GCM-SHA384. So, I don't completely…
jpradas
6 votes, 1 answer

How does signing work with Elliptic Curve Crypto?

So I have read up and have a decent understanding of how the crypto works with Elliptic Curve Cryptography. I also think I have an understanding of how signing works with things like Elliptic Curve Digital Signature Algorithm (ECDSA). The…
user225295