Questions about using Elliptic Curve ciphers in OpenSSL
Jason Schultz
jetson23 at hotmail.com
Fri Feb 7 02:58:52 UTC 2020
I’m somewhat confused as to what I need to do to use ECDHE ciphers (ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, etc). I’m hoping this list can help, or at least point me to a good tutorial somewhere. A lot of the information I’ve looked at is from the following links:
https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
https://crypto.stackexchange.com/questions/19452/static-dh-static-ecdh-certificate-using-openssl
I’m only looking at getting something set up for testing for now; I have a self-signed certificate and a private key. Here is the certificate, with some info stripped (I didn’t create it so I don’t have the exact commands used):
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e7:64:34:3c:f2:b4:f5:cc
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=MyState, L=City, O=Org, OU=Dept, CN=MyCN/emailAddress=me at example.com
Validity
Not Before: Jan 29 20:11:44 2020 GMT
Not After : Jan 28 20:11:44 2021 GMT
Subject: C=US, ST= MyState, L=City, O=Org, OU=Dept, CN=MyCN/emailAddress=me at example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:1f:07:e7:ea:09:b4:94:3e:a9:0b:c4:c6:d2:65:
31:db:4c:9c:33:9c:cd:fb:bd:f8:b1:0e:8e:69:5c:
74:cd:8d:98:0c:67:09:fb:1d:01:9f:f6:88:d4:02:
89:9d:66:78:ff:ce:34:09:e7:05:cc:63:1f:53:07:
58:68:82:a4:3e
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:B7:A7:5A:16:85:40:61:36:D7:37:5E:AF:BE:E4:90:80:05:C7:FA
X509v3 Authority Key Identifier:
keyid:DA:B7:A7:5A:16:85:40:61:36:D7:37:5E:AF:BE:E4:90:80:05:C7:FA
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:bc:9c:cb:f1:ca:30:24:d3:7e:86:b4:d4:6f:
f6:5a:3c:ab:c2:8d:24:b5:bc:03:b2:f9:55:74:0d:5d:cc:2c:
11:02:20:56:f8:05:4d:88:e6:35:ab:7b:db:01:02:1c:3d:ae:
ab:5d:5a:86:61:5b:e5:2d:1a:3f:4d:bf:5b:ea:12:c2:50
I also didn’t generate the private key, but I’ll dump some info on it here, again to make sure it looks OK. It’s also part of the equation that I’m not 100% sure about (if my private key is set up correctly). This is a non-production key, used only for initial testing:
---:/etc/ssl # openssl ec -in private/mykey.pem -text
read EC key
Private-Key: (256 bit)
priv:
00:96:f8:5b:9d:a3:fb:3d:27:de:01:75:54:0f:51:
69:38:d1:8f:2d:62:19:80:67:14:4a:da:1e:b5:d8:
57:8f:e8
pub:
04:1f:07:e7:ea:09:b4:94:3e:a9:0b:c4:c6:d2:65:
31:db:4c:9c:33:9c:cd:fb:bd:f8:b1:0e:8e:69:5c:
74:cd:8d:98:0c:67:09:fb:1d:01:9f:f6:88:d4:02:
89:9d:66:78:ff:ce:34:09:e7:05:cc:63:1f:53:07:
58:68:82:a4:3e
ASN1 OID: prime256v1
NIST CURVE: P-256
writing EC key
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIJb4W52j+z0n3gF1VA9RaTjRjy1iGYBnFEraHrXYV4/ooAoGCCqGSM49
AwEHoUQDQgAEHwfn6gm0lD6pC8TG0mUx20ycM5zN+734sQ6OaVx0zY2YDGcJ+x0B
n/aI1AKJnWZ4/840CecFzGMfUwdYaIKkPg==
-----END EC PRIVATE KEY-----
---:/etc/ssl # openssl ec -in private/mykey.pem -text -param_out
read EC key
Private-Key: (256 bit)
priv:
00:96:f8:5b:9d:a3:fb:3d:27:de:01:75:54:0f:51:
69:38:d1:8f:2d:62:19:80:67:14:4a:da:1e:b5:d8:
57:8f:e8
pub:
04:1f:07:e7:ea:09:b4:94:3e:a9:0b:c4:c6:d2:65:
31:db:4c:9c:33:9c:cd:fb:bd:f8:b1:0e:8e:69:5c:
74:cd:8d:98:0c:67:09:fb:1d:01:9f:f6:88:d4:02:
89:9d:66:78:ff:ce:34:09:e7:05:cc:63:1f:53:07:
58:68:82:a4:3e
ASN1 OID: prime256v1
NIST CURVE: P-256
writing EC key
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
For my server code, the setup I use is very similar to if I was using an RSA certificate/key pair; setting up a CTX and calling the appropriate APIs for specifying the private key and certificate. Pseudocode:
ctx = SSL_CTX_new(TLS_method());
status = SSL_CTX_use_PrivateKey_file(ctx,<keyfile>,SSL_FILETYPE_PEM);
status = SSL_CTX_use_certificate_file(ctx, ,<certfile>,SSL_FILETYPE_PEM);
// Verify the cert and key are a pair
status = SSL_CTX_check_private_key(ctx);
I do some validation of the certificate, the code for which I’ll skip as I don’t think it’s important here. I also set the protocol version I support with SSL_CTX_set_max_proto_version() and call SSL_CTX_set_cipher_list() to set the ciphers the server supports. The ciphers include the following:
ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ECDHE_RSA_WITH_AES_256_CBC_SHA384
ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Since I’m supporting ECDHE ciphers, I also call the following API, because I need to set the curves I support:
status = SSL_CTX_set1_curves_list(ctx, "P-521:P-384:P-256");
Then another API call so the server will select the appropriate curve for the client:
status = SSL_CTX_set_ecdh_auto(ctx, 1);
First question, for the ECDHE_RSA* ciphers, I just need an RSA certificate and key, correct? Nothing else to do here?
Most of my confusion is on the ECDHE_ECDSA* ciphers. Do I need to do anything else in addition to the above to use them? I’ve read about “EC parameters” files (and “ECDHE parameters” files?). Do I need to create another file to read in to support the ECDHE_ECDSA* ciphers? From the second command displaying the private key above, it looks like there are “EC parameters” embedded in the private key. Since I’m not 100% sure how the key was generated, that could be what’s causing my confusion.
Is the code I have above enough, or do I need another file? If so, how is that file generated, and what API do I need to read it in and use it?
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200207/05910970/attachment-0001.html>
More information about the openssl-users
mailing list