On Thu, Mar 08, 2007 at 02:41:46PM +0100, Jordi Jaen Pallares wrote:

> Dear list,
>
> I am writing an application that uses ECC and certificates.
>
> At initialization time, the idea is to generate both a self-signed root
> certificate (as in the examples in the /demos examples) for the CA,
> and a set of long-term EC keys for each client.
>
> In the program I intend to use both command line and C code.
>
> Initialization in the server side:
>
> # openssl ecparam -name sect233r1 -out sect233r1.pem

You might do better with "prime256v1" both in terms of performance and
security. The NSA's Suite-B uses "prime256v1" (aka secp256r1) for traffic
through "SECRET" and secp384r1 for "TOP SECRET" traffic. A conservative
setting may be to use 384r1 for the CA cert and 256r1 for the client/server
certs, but using 256r1 everywhere is a great deal stronger (128 bit vs. 80)
than the vast majority of RSA 1024-bit certs in the field and on best
current attacks is approximately as strong as 3072 bit RSA.

> Now, how can I retrieve the server's Public Key from the certificate and
> store it in a EC_KEY data ?

Why?

> fp = fopen("/home/jordi/Work/test /myCA2/testcafile.cert.der", "r");

This is an X509 object.

> pub = d2i_EC_PUBKEY_fp(fp, NULL);

It is not an EC_PUBKEY object.

-- 
Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
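
The structural reason behind the last two remarks, as an added illustration that is not part of the original thread: d2i_EC_PUBKEY expects a bare SubjectPublicKeyInfo, while a DER certificate carries that structure nested inside its tbsCertificate. Python is used so it runs without OpenSSL; the helper names are hypothetical and the sample certificate is constructed (placeholder name, all-zero key and signature).

```python
OID_EC_PUBKEY = bytes.fromhex("2a8648ce3d0201")  # id-ecPublicKey, 1.2.840.10045.2.1

def tlv(tag, body):
    """DER-encode one element with a definite length (short or long form)."""
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(ln)]) + ln
    return bytes([tag]) + head + body

def children(buf):
    """Split buf into (tag, value, raw_element) triples; reject truncated input."""
    out, off = [], 0
    while off < len(buf):
        start, tag, n, off = off, buf[off], buf[off + 1], off + 2
        if n & 0x80:  # long-form length: low 7 bits give the count of length bytes
            k = n & 0x7F
            n, off = int.from_bytes(buf[off:off + k], "big"), off + k
        if off + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[off:off + n], buf[start:off + n]))
        off += n
    return out

def is_ec_spki(der):
    """True if der is an EC SubjectPublicKeyInfo, the input d2i_EC_PUBKEY expects."""
    try:
        (tag, body, _), = children(der)   # exactly one outer element
        alg, key = children(body)         # exactly AlgorithmIdentifier + BIT STRING
        oid = children(alg[1])[0]
    except (ValueError, IndexError):
        return False
    return (tag, alg[0], key[0], oid[0], oid[1]) == (0x30, 0x30, 0x03, 0x06, OID_EC_PUBKEY)

def spki_from_cert(cert_der):
    """Return the SPKI element: last of version (absent in v1), serial, signature,
    issuer, validity, subject, subjectPublicKeyInfo inside tbsCertificate."""
    (_, cert, _), = children(cert_der)
    tbs = children(children(cert)[0][1])
    return tbs[6 if tbs[0][0] == 0xA0 else 5][2]

def sample_cert():
    """Constructed, unsigned certificate-shaped DER; returns (certificate, its SPKI)."""
    p256 = tlv(0x06, bytes.fromhex("2a8648ce3d030107"))                # prime256v1
    sig_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d040302")))  # ecdsa-with-SHA256
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"constructed CA"))))
    validity = tlv(0x30, tlv(0x17, b"070308000000Z") + tlv(0x17, b"080308000000Z"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, OID_EC_PUBKEY) + p256)
               + tlv(0x03, b"\x00\x04" + bytes(64)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + sig_alg + name + validity + name + spki)
    return tlv(0x30, tbs + sig_alg + tlv(0x03, b"\x00" + bytes(8))), spki
```

In OpenSSL's C API the corresponding route is to parse the file with d2i_X509_fp and take the key from the resulting X509 with X509_get_pubkey and EVP_PKEY_get1_EC_KEY.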