> On 15/04/12 23:33, Dr. Stephen Henson wrote: >> On Sun, Apr 15, 2012, Jeffrey Walton wrote: >> >>> On Sun, Apr 15, 2012 at 12:01 PM,<toredhiddenu...@tormail.net> wrote: >>>> Hello guyz and cryptobrains! :P >>>> >>>> One of the main disadvantages of EC on openssl seems to be the >>>> inability >>>> to create arbitrary-sized keys and advantage for RSA: you can create >>>> 32768 >>>> bit RSA key but... not greater than 521 bits on ECC. >>>> >>>> Will this continue to be a disadvantage or can 32768 RSA key be used >>>> instead? >>> Point counting is tricky business. I believe it is the reason most >>> folks (OpenSSL, Crypto++, NSS, etc) stick with well known curves. >>> >>> I don't know how to plug in a custom curve with OpenSSL (I have never >>> had a need to do it), but I do know how with Crypto++. If I wanted to >>> do so, I would use Marcel Martin's Elliptic Curve Builder (ECB) to >>> generate domain parameters to meet security levels. >>> >> It should be possible to use a non-named curve with the appropriate >> encoding >> of the ECParameters structure. I've never had to do this either. > > The library only supports Fp and F2^m custom curves. The easiest way to > construct a custom curve is by using one of: > > EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const > BIGNUM *b, BN_CTX *ctx); > EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, > const BIGNUM *b, BN_CTX *ctx); > > > Where for an Fp curve p, a and b are used as follows: > y^2 mod p = x^3 +ax + b mod p > > And for an F2^m curve p (p=2^m), a and b are: > y^2 + xy mod p = x^3 + ax^2 + b (where b != 0) mod p > > Matt > > >> Steve. >> -- >> Dr Stephen N. Henson. OpenSSL project core developer. >> Commercial tech support now available see: http://www.openssl.org >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
So, do you say it can't be done with executable? Will this be a feature in future releases? Are you sure there's no way to do that than digging the C source? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
