Hello,
>
> I have tried sending the following email to openssl-users@openssl.org
> after subscribing to the list but somehow my emails dont seem to be
> reaching anyone. I was wondering if you could help with the questions
> below, or send it to the list on my behalf and CC me. I really
> appreciate your help as I am somewhat stuck with out this help.
>
> thanks
> -AG
>
> ---------- Forwarded message ----------
> From: Anand Giriraj <[EMAIL PROTECTED]>
> Date: Aug 16, 2007 8:51 AM
> Subject: Re: openssl ECC/ECDSA question
> To: openssl-users@openssl.org
>
> Sending this again, as I think the message didnt reach last time..
>
>
> On 8/15/07, Anand Giriraj <[EMAIL PROTECTED] > wrote:
>
>
> Hi,
>
>
> I had a question with regards to the openssl 0.9.8e ECC/ECDSA
> implementation. I would appreciate your quick response on
> this. Please include me in all replies as I am not yet
> subscribed to the list.
>
> Thanks
> -AG
>
> The FIPS document indicates the following statement:
>
> "The FIPS-validated cryptomodule shall implement ECDSA where
> the order of the base point is a [assignment: size of the
> order of the base point "n" in number of bits that is 256 or
> greater]-bit value, and where the algorithm conforms with ANSI
> X9.62-1998, Public Key Cryptography for the Financial Services
> Industry: The Elliptic Curve Digital Signature Algorithm
> (ECDSA). "
>
> In addition to the above, there is a requirement to have all
> the domain parameters be for curves only over GF(p) and
> GF(2^m).
>
> 1)
> Give the above constraints which of the curve definitions in
> crypto/curve/ec_curve.c would fit within my requirements?
You may list all supported curves with command:
$ openssl ecparam -list_curves
I think that curves over GF(p):
secp256k1
secp384r1
secp521r1
prime256v1
and curves over GF(2^m):
sect283k1
sect283r1
sect409k1
sect409r1
sect571k1
sect571r1
have order of base point G greater then 256bits
> 2) What are the functions/APIs I can use to get the order of
> the base point "n" - would it be EC_GROUP_get_degree()?
Order of base point G is prime number n (p specifies finite field),
in OpenSSL name scheme (EC_GROUP structure) this means:
G -> generator
n -> order
p -> field
but EC_GROUP_get_degree() functions returns number of bits of "filed",
I'm not sure - maybe this should be number of bits of "order" ?
Or EC_GROUP_get_degree() means something else.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
