[openssl-dev] EC based certificates not supported in CMS - why?
Dr. Stephen Henson
steve at openssl.org
Thu Apr 9 13:20:03 UTC 2015
On Thu, Apr 09, 2015, Pawe?? Ka??mierczak wrote:
> Hi,
>
> currently openssl in CMS supports only RSA based certificates but EC based
> certificates are supported in openssl TLS... so I assume that there is
> already a code that can sing/verify and perform key agreement (ECKA-EG
> ECKA-DH) using eliptic curves.
>
> Can someone please tell me if this will be a lot of work to use that code
> in CMS in a way that CMS could work with EC based certificates?
>
OpenSSL 1.0.0 and later should support ECDSA in CMS. The use of ECDH is quite
rare: most implementations just use RSA key exchange. OpenSSL 1.0.2 does
support ECDH though.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list