[openssl-users] ECDSA and ECDH

Salz, Rich rsalz at akamai.com
Fri Jun 2 12:26:25 UTC 2017

> with a host device which will be ported with FIPS compliant OpenSSL library.  Our embedded device will be using ECDSA (FIPS 186-3)  and ECDH (FIPS SP800-56A) by calling APIs of ATECC508A SDK.  Is there any compatibility issue?  

There shouldn't be.  But interop is a hard thing, and a single bug on either side can break compatibility.  You really won't know until you test it.  

> 1. Whether a digest signed using openssl library can be verified in our embedded module and vice-versa .

As I said, it should work.

> 2. We understand that, OpenSSL doesn’t have FIPS 140-2 certification for ECDH. If we use ECDH, whether we can claim our system to be FIPS 140-2 compliant?

You should be careful what you say.  If you claim to be certified, that would be lying ...

> ---Disclaimer------------------------------ This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION

Please get your company policy changed.  Posting a big block disclaimer like this, when writing to a public mailing list, is very obnoxious.

More information about the openssl-users mailing list