[openssl-users] Elliptic curves approved or recommended by government

Alex Chen alex_chen at filemaker.com
Thu Nov 12 00:31:18 UTC 2015

Thanks for the reply Jakob.  Is there a mapping in the government's 
elliptic curve names to the names in OpenSSL?
For instance, the API EC_KEY_new_by_curve_name( int nid ) takes an id of 
the EC name where the id can be something like
NID_X9_62_prime256v1, NID_X9_62_prime239v3, etc. that are defined in 
What I would like to know is how the names are related to NIST's 
recommendation list?
Is there a convention?


On 11/11/2015 1:08 PM, Jakob Bohm wrote:
> On 11/11/2015 21:02, Alex Chen wrote:
>> I see there is a list of recommended list by NIST in 
>> http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf, 
>> but it is very old (1999)
>> Is there a up to date list of elliptic curves approved or recommended 
>> for government use in OpenSSL?
>> Is NID_X9_62_prime256v1 the strongest?
> First of all, it depends on *which government*, NIST is for
> the USA Government only, though some allied countries may have
> copied their decisions.
> Secondly, since ca. 1999, the official list has been mostly
> unchanged, namely those that are listed in the official NIST
> standard FIPS 186-2 for use with ECDSA and in NIST Special
> publication SP 800-56A for ECDH.
> So far, the public adjustments have been:
> 2005: The official Suite B list of ciphers was published and
>      included the P-256 and P-384 bit curves as minimum.
>       Around the same time they made a secret Suite A list of
>      ciphers for stuff more secret than "top secret".
> 2015: NSA announced that they will soon start work on a new
>      list, and that government departments should not waste
>      taxpayers money doing the upgrade to Suite B just a few
>      years before it becomes obsolete.
>       However for use at this time they recommend P-384 or
>      3072 bit RSA/DH as a good minimum while accepting the
>      next step down (P-256 or 2048 bit RSA/DH) in already
>      built systems.
>       They also recommend the use of pure symmetric key
>      solutions with strong (256 random bits) keys as the best
>      current solution where possible.
> The (non-classified) current official advice can be read at
> https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
> Enjoy
> Jakob
> -- 
> Jakob Bohm, CIO, Partner, WiseMo A/S.https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151111/e5648307/attachment-0001.html>

More information about the openssl-users mailing list