Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

How to create ECC key with P_386 parameter

Help
2014-03-24
2014-03-24
  • I created root certificate with signing algorithm of SHA384withECDSA (software token), but, the created certificate was for P_256. How can I generate ECC key with P_384 parameter?
    It seems very strange because P_256 cannot create signature with SHA384withECDSA.

    The following was actual certificate I created.

    -----BEGIN CERTIFICATE-----
    MIIB1zCCAX6gAwIBAgIIJAlQ9zXRkjowCgYIKoZIzj0EAwMwUDETMBEGA1UECgwK
    R2xvYmFsU2lnbjEkMCIGA1UECwwbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1
    MRMwEQYDVQQDDApHbG9iYWxTaWduMB4XDTE0MDMyNDA3NTk0NloXDTM0MDMyNDA3
    NTk0NlowUDETMBEGA1UECgwKR2xvYmFsU2lnbjEkMCIGA1UECwwbR2xvYmFsU2ln
    biBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQDDApHbG9iYWxTaWduMFkwEwYHKoZI
    zj0CAQYIKoZIzj0DAQcDQgAEInmeM/jP2KxxKsXX1xhWFBx4mQpkAQaTZIL/osvQ
    atsjseb4MXPI88kTvb/60JGuMAx4/cyNJhwMCG66/R+oAqNCMEAwHQYDVR0OBBYE
    FPJZ3//lnDG8iAYpX7gNJGqFnpL0MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
    BAQDAgEGMAoGCCqGSM49BAMDA0cAMEQCIBWFw3e29P8TnLVD4e/2osNVEuQIlB96
    oGLgsxd4teVxAiBT1xPjOSIVZ2ihLjbWdC+L97jdI1OXXDzaJ1XeU1et7w==
    -----END CERTIFICATE-----

    Regards,
    Koichi Sugimoto.

     
    • ejbca-support
      ejbca-support
      2014-03-24

      On 2014-03-24 10:04, Koichi Sugimoto wrote:

      I created root certificate with signing algorithm of SHA384withECDSA (software token), but, the created certificate was for P_256. How can I generate ECC key with P_384 parameter?
      It seems very strange because P_256 cannot create signature with SHA384withECDSA.

      The following was actual certificate I created.

      -----BEGIN CERTIFICATE-----
      MIIB1zCCAX6gAwIBAgIIJAlQ9zXRkjowCgYIKoZIzj0EAwMwUDETMBEGA1UECgwK
      R2xvYmFsU2lnbjEkMCIGA1UECwwbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1
      MRMwEQYDVQQDDApHbG9iYWxTaWduMB4XDTE0MDMyNDA3NTk0NloXDTM0MDMyNDA3
      NTk0NlowUDETMBEGA1UECgwKR2xvYmFsU2lnbjEkMCIGA1UECwwbR2xvYmFsU2ln
      biBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQDDApHbG9iYWxTaWduMFkwEwYHKoZI
      zj0CAQYIKoZIzj0DAQcDQgAEInmeM/jP2KxxKsXX1xhWFBx4mQpkAQaTZIL/osvQ
      atsjseb4MXPI88kTvb/60JGuMAx4/cyNJhwMCG66/R+oAqNCMEAwHQYDVR0OBBYE
      FPJZ3//lnDG8iAYpX7gNJGqFnpL0MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
      BAQDAgEGMAoGCCqGSM49BAMDA0cAMEQCIBWFw3e29P8TnLVD4e/2osNVEuQIlB96
      oGLgsxd4teVxAiBT1xPjOSIVZ2ihLjbWdC+L97jdI1OXXDzaJ1XeU1et7w==
      -----END CERTIFICATE-----

      Regards,
      Koichi Sugimoto.

      Koichi-san,
      Your cert is fine. It is signed by a P_384 CA.
      What's maybe "wrong" is that your request must have been for a P_256 key.

      Anders


      How to create ECC key with P_386 parameter https://sourceforge.net/p/ejbca/discussion/123123/thread/f513ee8a/?limit=25#62b9


      Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/ejbca/discussion/123123/

      To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/

       
  • Hello Anders,

    Thanks for the quick reply.
    But I created root (self-signed) certificate from "Certification Authorities" link of Administration page. I want to know how to create P_384 parameter key pair.

    Regards,
    Koichi Sugimoto.

     
  • Generate a keypair in the crypto token (EJBCA 6) you intend to use for the cA, with secp384r1 key. And then select this key as the CAs signing key when cresating the CA.

    Cheers,
    Tomas

     
  • Hello Tomas,

    Thanks.
    I could create a P_384 curve.
    But it seems that the validity cannot be overwritten when I create an ECC root certificate.

    Regards,
    Koichi Sugimoto.

     
  • The certificate validity is not related to signature or key algorithm. You can always specify the validity time, but there are of course several parameters to have in consideration, like certificate profile max validity.

     
  • Oh, I see. I had misunderstood the validity of the certificate profile.
    It means the max validity time...