[openssl-dev] EC based certificates not supported in CMS - why?

Paweł Kaźmierczak koraboros at gmail.com
Thu Apr 9 12:51:24 UTC 2015


Hi,

currently openssl in CMS supports only RSA based certificates but EC based
certificates are supported in openssl TLS... so I assume that there is
already a code that can sing/verify and perform key agreement (ECKA-EG
ECKA-DH) using eliptic curves.

Can someone please tell me if this will be a lot of work to use that code
in CMS in a way that CMS could work with EC based certificates?

Backgroud:
My company needs to support BSI requirements (more info can be found here
chapter 8
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-3.html
) and EC certificate is a must. We are now at the point where a decision
will be made if we will implement everything by ourselves (which I would
like to avoid) or we improve some existing open source crypto lib to
support BSI requirements.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150409/ec25f2c0/attachment.html>


More information about the openssl-dev mailing list