Questions about using Elliptic Curve ciphers in OpenSSL

Jason Schultz jetson23 at hotmail.com
Tue Feb 11 02:39:28 UTC 2020


Anyone have any advice on Elliptic Curve?

Thanks in advance.

________________________________
From: openssl-users <openssl-users-bounces at openssl.org> on behalf of Jason Schultz <jetson23 at hotmail.com>
Sent: Friday, February 7, 2020 2:58 AM
To: openssl-users at openssl.org <openssl-users at openssl.org>
Subject: Questions about using Elliptic Curve ciphers in OpenSSL


I’m somewhat confused as to what I need to do to use ECDHE ciphers (ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, etc). I’m hoping this list can help, or at least point me to a good tutorial somewhere. A lot of the information I’ve looked at is from the following links:



https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations



https://crypto.stackexchange.com/questions/19452/static-dh-static-ecdh-certificate-using-openssl



I’m only looking at getting something set up for testing for now; I have a self-signed certificate and a private key. Here is the certificate, with some info stripped (I didn’t create it so I don’t have the exact commands used):



Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            e7:64:34:3c:f2:b4:f5:cc

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=US, ST=MyState, L=City, O=Org, OU=Dept, CN=MyCN/emailAddress=me at example.com

        Validity

            Not Before: Jan 29 20:11:44 2020 GMT

            Not After : Jan 28 20:11:44 2021 GMT

        Subject: C=US, ST= MyState, L=City, O=Org, OU=Dept, CN=MyCN/emailAddress=me at example.com

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub:

                    04:1f:07:e7:ea:09:b4:94:3e:a9:0b:c4:c6:d2:65:

                    31:db:4c:9c:33:9c:cd:fb:bd:f8:b1:0e:8e:69:5c:

                    74:cd:8d:98:0c:67:09:fb:1d:01:9f:f6:88:d4:02:

                    89:9d:66:78:ff:ce:34:09:e7:05:cc:63:1f:53:07:

                    58:68:82:a4:3e

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Subject Key Identifier:

                DA:B7:A7:5A:16:85:40:61:36:D7:37:5E:AF:BE:E4:90:80:05:C7:FA

            X509v3 Authority Key Identifier:

                keyid:DA:B7:A7:5A:16:85:40:61:36:D7:37:5E:AF:BE:E4:90:80:05:C7:FA



            X509v3 Basic Constraints:

                CA:TRUE

    Signature Algorithm: ecdsa-with-SHA256

         30:45:02:21:00:bc:9c:cb:f1:ca:30:24:d3:7e:86:b4:d4:6f:

         f6:5a:3c:ab:c2:8d:24:b5:bc:03:b2:f9:55:74:0d:5d:cc:2c:

         11:02:20:56:f8:05:4d:88:e6:35:ab:7b:db:01:02:1c:3d:ae:

         ab:5d:5a:86:61:5b:e5:2d:1a:3f:4d:bf:5b:ea:12:c2:50





I also didn’t generate the private key, but I’ll dump some info on it here, again to make sure it looks OK. It’s also part of the equation that I’m not 100% sure about (if my private key is set up correctly). This is a non-production key, used only for initial testing:



---:/etc/ssl # openssl ec -in private/mykey.pem -text

read EC key

Private-Key: (256 bit)

priv:

    00:96:f8:5b:9d:a3:fb:3d:27:de:01:75:54:0f:51:

    69:38:d1:8f:2d:62:19:80:67:14:4a:da:1e:b5:d8:

    57:8f:e8

pub:

    04:1f:07:e7:ea:09:b4:94:3e:a9:0b:c4:c6:d2:65:

    31:db:4c:9c:33:9c:cd:fb:bd:f8:b1:0e:8e:69:5c:

    74:cd:8d:98:0c:67:09:fb:1d:01:9f:f6:88:d4:02:

    89:9d:66:78:ff:ce:34:09:e7:05:cc:63:1f:53:07:

    58:68:82:a4:3e

ASN1 OID: prime256v1

NIST CURVE: P-256

writing EC key

-----BEGIN EC PRIVATE KEY-----

MHcCAQEEIJb4W52j+z0n3gF1VA9RaTjRjy1iGYBnFEraHrXYV4/ooAoGCCqGSM49

AwEHoUQDQgAEHwfn6gm0lD6pC8TG0mUx20ycM5zN+734sQ6OaVx0zY2YDGcJ+x0B

n/aI1AKJnWZ4/840CecFzGMfUwdYaIKkPg==

-----END EC PRIVATE KEY-----



---:/etc/ssl # openssl ec -in private/mykey.pem -text -param_out

read EC key

Private-Key: (256 bit)

priv:

    00:96:f8:5b:9d:a3:fb:3d:27:de:01:75:54:0f:51:

    69:38:d1:8f:2d:62:19:80:67:14:4a:da:1e:b5:d8:

    57:8f:e8

pub:

    04:1f:07:e7:ea:09:b4:94:3e:a9:0b:c4:c6:d2:65:

    31:db:4c:9c:33:9c:cd:fb:bd:f8:b1:0e:8e:69:5c:

    74:cd:8d:98:0c:67:09:fb:1d:01:9f:f6:88:d4:02:

    89:9d:66:78:ff:ce:34:09:e7:05:cc:63:1f:53:07:

    58:68:82:a4:3e

ASN1 OID: prime256v1

NIST CURVE: P-256

writing EC key

-----BEGIN EC PARAMETERS-----

BggqhkjOPQMBBw==

-----END EC PARAMETERS-----



For my server code, the setup I use is very similar to if I was using an RSA certificate/key pair; setting up a CTX and calling the appropriate APIs for specifying the private key and certificate. Pseudocode:



ctx = SSL_CTX_new(TLS_method());



status = SSL_CTX_use_PrivateKey_file(ctx,<keyfile>,SSL_FILETYPE_PEM);

status = SSL_CTX_use_certificate_file(ctx, ,<certfile>,SSL_FILETYPE_PEM);



// Verify the cert and key are a pair

status = SSL_CTX_check_private_key(ctx);



I do some validation of the certificate, the code for which I’ll skip as I don’t think it’s important here. I also set the protocol version I support with SSL_CTX_set_max_proto_version() and call SSL_CTX_set_cipher_list() to set the ciphers the server supports. The ciphers include the following:



ECDHE_RSA_WITH_AES_128_CBC_SHA256

ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

ECDHE_RSA_WITH_AES_256_CBC_SHA384

ECDHE_RSA_WITH_AES_256_GCM_SHA384

ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

ECDHE_ECDSA_WITH_AES_256_GCM_SHA384



Since I’m supporting ECDHE ciphers, I also call the following API, because I need to set the curves I support:



status = SSL_CTX_set1_curves_list(ctx, "P-521:P-384:P-256");



Then another API call so the server will select the appropriate curve for the client:



status = SSL_CTX_set_ecdh_auto(ctx, 1);



First question, for the ECDHE_RSA* ciphers, I just need an RSA certificate and key, correct? Nothing else to do here?



 Most of my confusion is on the ECDHE_ECDSA* ciphers. Do I need to do anything else in addition to the above to use them? I’ve read about “EC parameters” files (and “ECDHE parameters” files?). Do I need to create another file to read in to support the ECDHE_ECDSA* ciphers? From the second command displaying the private key above, it looks like there are “EC parameters” embedded in the private key. Since I’m not 100% sure how the key was generated, that could be what’s causing my confusion.



Is the code I have above enough, or do I need another file? If so, how is that file generated, and what API do I need to read it in and use it?



Thanks in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200211/2af76d24/attachment-0001.html>


More information about the openssl-users mailing list