[openssl-users] ECDSA and ECDH

[Salz, Rich]

> with a host device which will be ported with FIPS compliant OpenSSL library.  Our embedded device will be using ECDSA (FIPS 186-3)  and ECDH (FIPS SP800-56A) by calling APIs of ATECC508A SDK.  Is there any compatibility issue?  

There shouldn't be.  But interop is a hard thing, and a single bug on either side can break compatibility.  You really won't know until you test it.  

> 1. Whether a digest signed using openssl library can be verified in our embedded module and vice-versa .

As I said, it should work.

> 2. We understand that, OpenSSL doesn’t have FIPS 140-2 certification for ECDH. If we use ECDH, whether we can claim our system to be FIPS 140-2 compliant?

You should be careful what you say.  If you claim to be certified, that would be lying ...


> ---Disclaimer------------------------------ This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION

Please get your company policy changed.  Posting a big block disclaimer like this, when writing to a public mailing list, is very obnoxious.