Menu
▾
▴
Re: [Ejbca-develop] Why ECDSA keys require a minimum size of 224 bits for Crypto Token key pair generation?
|
From: Andreas K. <ku...@tr...> - 2018-12-29 22:28:55
|
Hi Jaime, an unclear reasoning and origin is a good starting point for conspiracy theories! ;-) The code snippet seems to implement a DIY approach to decide on algorithm suitability. A more standardized approach is given in Data Structure for the Security Suitability of Cryptographic Algorithms (DSSC) https://tools.ietf.org/html/rfc5698 This could be a good base for a catalog of supported algorithm. A quick search did not reveal any ready-made implementations but I would guess a given standard is better than re-inventing a wheel. Greetings, Andreas > On Sat, Dec 22, 2018 at 1:59 PM Andreas Kuehne <ku...@tr...> wrote: > >> Hi Jaime, >> >> interesting finding! Due to https://safecurves.cr.yp.to/ there are at >> least two curves with (slightly) shorter key length. On the other hand the >> NIST-224 is considered insecure ... >> > Thanks for pointing out this resource. > > >> Are there any specific reasons for implementing this restriction? >> > I'm asking the same myself. I can trace back that change to the following > old (5 years ago) commit, > https://github.com/rgorosito/ejbca/commit/49a8e1c5ff448c3d27c132e46675ed27ef7cb65b#diff-52fc78614bcdfb702e0bf5b66a3ffbfc, > but the motivation for it is no clear to me at first glance. > > >> Greetings, >> >> Andreas >> >> In EJBCA 6.10.1.2+, if you create a Crypto Token from the Admin GUI and >> then you try to generate an EC keypair for it, you find that certain curves >> are not availabe, e.g. B-163, even when the documentation indicates support >> for them (seehttps://www.ejbca.org/docs/ECDSA_Keys_and_Signatures.html#src-16224742_id-.ECDSAKeysandSignaturesv6.12.0-Named_curves >> ). >> >> Looking at the source code I can see the cause for it is in the following >> method, org.cesecore.keys.util.KeyTools#checkValidKeyLength: >> >> public static void checkValidKeyLength(final String keyAlg, final int len) >> throws InvalidKeyException { >> ... >> if (*isEcdsa *|| isGost3410 || isDstu4145) { >> ... >> if ((len > 0) && (*len < 224)*) { >> final String msg = >> intres.getLocalizedMessage("catoken.invalidkeylength", "ECDSA", "224", >> Integer.valueOf(len)); >> *throw new InvalidKeyException(msg);* >> } >> } ... >> } >> >> But, why is it so?. Are there potentials problems with EC curves with a key >> size smaller than 224 bits?. >> >> PS: I'm a total ignorant of EC cryptography. >> >> >> >> _______________________________________________ >> Ejbca-develop mailing lis...@li...://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> >> -- >> Andreas Kühne >> phone: +49 177 293 24 97 >> mailto: ku...@tr... >> >> Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 >> >> Director Andreas Kühne >> >> Company UK Company No: 5218868 Registered in England and Wales >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop -- Andreas Kühne phone: +49 177 293 24 97 mailto: ku...@tr... Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Director Andreas Kühne Company UK Company No: 5218868 Registered in England and Wales |
