ECC in Openssl!

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

ECC in Openssl!

puneet batura
Hi,
I am trying to generate a 163 bit key in openssl using ECC but was not been able to do so. I am using openssl-0.9.8a version can anyone show me a example how to do that?

Thanks a Ton!

--
Regards,


Puneet Batura
Open Source Developer
Reply | Threaded
Open this post in threaded view
|

Re: ECC in Openssl!

Nils Larsch
puneet batura wrote:
> Hi,
> I am trying to generate a 163 bit key in openssl using ECC but was not
> been able to do so. I am using openssl-0.9.8a version can anyone show me
> a example how to do that?

for example "openssl ecparam -name sect163k1 -out eckey.pem -genkey -noout"
should work ...

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: ECC in Openssl!

puneet batura
Hi Nils,
 
Yes i have tried that but it says that 'ecparam' is not a valid argument.i am using openssl-0.9.8a version. Is this supported for this version or i have to go with some other version.
 
Thanks! 

 
On 5/11/06, Nils Larsch <[hidden email]> wrote:
puneet batura wrote:
> Hi,
> I am trying to generate a 163 bit key in openssl using ECC but was not
> been able to do so. I am using openssl-0.9.8a version can anyone show me
> a example how to do that?

for example "openssl ecparam -name sect163k1 -out eckey.pem -genkey -noout"
should work ...

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                     [hidden email]
Automated List Manager                           [hidden email]



--
Regards,


Puneet Batura
Open Source Developer
Reply | Threaded
Open this post in threaded view
|

Re: ECC in Openssl!

Nils Larsch
puneet batura wrote:
> Hi Nils,
>  
> Yes i have tried that but it says that 'ecparam' is not a valid
> argument.i am using openssl-0.9.8a version. Is this supported for this
> version or i have to go with some other version.

it should be supported in 0.9.8a but perhaps it has been disabled
in your version (in case you've installed the openssl header files
look at opensslconf.h, if there's a OPENSSL_NO_EC ec support has been
disabled) => try building a new version of openssl 0.9.8[a,b]

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: ECC in Openssl!

puneet batura
Hi Nils,
This is my opensslconf.h file:

/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */

/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_DOING_MAKEDEPEND

#ifndef OPENSSL_NO_GMP
# define OPENSSL_NO_GMP
#endif
#ifndef OPENSSL_NO_KRB5
# define OPENSSL_NO_KRB5
#endif
#ifndef OPENSSL_NO_MDC2
# define OPENSSL_NO_MDC2
#endif
#ifndef OPENSSL_NO_RC5
# define OPENSSL_NO_RC5
#endif

#endif /* OPENSSL_DOING_MAKEDEPEND */
#ifndef OPENSSL_THREADS
# define OPENSSL_THREADS
#endif
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
# define OPENSSL_NO_DYNAMIC_ENGINE
#endif

/* The OPENSSL_NO_* macros are also defined as NO_* if the application
   asks for it.  This is a transient feature that is provided for those
   who haven't had the time to do the appropriate changes in their
   applications.  */
#ifdef OPENSSL_ALGORITHM_DEFINES
# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
#  define NO_GMP
# endif
# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
#  define NO_KRB5
# endif
# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
#  define NO_MDC2
# endif
# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
#  define NO_RC5
# endif
#endif
#define OPENSSL_CPUID_OBJ

/* crypto/opensslconf.h.in */

/* Generate 80386 code? */
#undef I386_ONLY

#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
#define ENGINESDIR "/usr/local/ssl/lib/engines"
#define OPENSSLDIR "/usr/local/ssl"
#endif
#endif

#undef OPENSSL_UNISTD
#define OPENSSL_UNISTD <unistd.h>

#undef OPENSSL_EXPORT_VAR_AS_FUNCTION

#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
#define IDEA_INT unsigned int
#endif
#if defined(HEADER_MD2_H) && !defined(MD2_INT)
#define MD2_INT unsigned int
#endif

#if defined(HEADER_RC2_H) && !defined(RC2_INT)
/* I need to put in a mod for the alpha - eay */
#define RC2_INT unsigned int
#endif

#if defined(HEADER_RC4_H)
#if !defined(RC4_INT)
/* using int types make the structure larger but make the code faster
 * on most boxes I have tested - up to %20 faster. */
/*
 * I don't know what does "most" mean, but declaring "int" is a must on:
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
 */
#define RC4_INT unsigned int
#endif
#if !defined(RC4_CHUNK)
/*
 * This enables code handling data aligned at natural CPU word

* boundary. See crypto/rc4/rc4_enc.c for further details.
 */
#undef RC4_CHUNK
#endif
#endif

#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
 * %20 speed up (longs are 8 bytes, int's are 4). */
#ifndef DES_LONG
#define DES_LONG unsigned long
#endif
#endif

#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
#define CONFIG_HEADER_BN_H
#define BN_LLONG

/* Should we define BN_DIV2W here? */

/* Only one for the following should be defined */
/* The prime number generation stuff may not work when
 * EIGHT_BIT but I don't care since I've only used this mode

 * for debuging the bignum libraries */
#undef SIXTY_FOUR_BIT_LONG
#undef SIXTY_FOUR_BIT
#define THIRTY_TWO_BIT
#undef SIXTEEN_BIT
#undef EIGHT_BIT
#endif

#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
 * speedup on x86 */
#define RC4_INDEX
#endif

#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
#define CONFIG_HEADER_BF_LOCL_H
#undef BF_PTR
#endif /* HEADER_BF_LOCL_H */

#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
#define CONFIG_HEADER_DES_LOCL_H
#ifndef DES_DEFAULT_OPTIONS
/* the following is tweaked from a config script, that is why it is a
 * protected undef/define */
#ifndef DES_PTR
#define DES_PTR
#endif

/* This helps C compiler generate the correct code for multiple functional
 * units.  It reduces register dependancies at the expense of 2 more
 * registers */
#ifndef DES_RISC1
#define DES_RISC1
#endif

#ifndef DES_RISC2
#undef DES_RISC2
#endif

#if defined(DES_RISC1) && defined(DES_RISC2)
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif


/* Unroll the inner loop, this sometimes helps, sometimes hinders.
 * Very mucy CPU dependant */
#ifndef DES_UNROLL
#define DES_UNROLL
#endif

/* These default values were supplied by
 * Peter Gutman <[hidden email]>
 * They are only used if nothing else has been defined */
#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
/* Special defines which change the way the code is built depending on the
   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
   even newer MIPS CPU's, but at the moment one size fits all for
   optimization options.  Older Sparc's work better with only UNROLL, but
   there's no way to tell at compile time what it is you're running on */

#if defined( sun )              /* Newer Sparc's */
#  define DES_PTR
#  define DES_RISC1
#  define DES_UNROLL
#elif defined( __ultrix )       /* Older MIPS */
#  define DES_PTR
#  define DES_RISC1
#  define DES_UNROLL
#elif defined( __ultrix )       /* Older MIPS */
#  define DES_PTR
#  define DES_RISC2
#  define DES_UNROLL
#elif defined( __osf1__ )       /* Alpha */
#  define DES_PTR
#  define DES_RISC2
#elif defined ( _AIX )          /* RS6000 */
  /* Unknown */
#elif defined( __hpux )         /* HP-PA */
  /* Unknown */
#elif defined( __aux )          /* 68K */
  /* Unknown */
#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
#  define DES_UNROLL
#elif defined( __sgi )          /* Newer MIPS */
#  define DES_PTR
#  define DES_RISC2
#  define DES_UNROLL
#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
#  define DES_PTR
#  define DES_RISC1
#  define DES_UNROLL
#endif /* Systems-specific speed defines */
#endif

#endif /* DES_DEFAULT_OPTIONS */
#endif /* HEADER_DES_LOCL_H */


It dosent contain that line?


On 5/12/06, Nils Larsch <[hidden email]> wrote:
puneet batura wrote:
> Hi Nils,
>
> Yes i have tried that but it says that 'ecparam' is not a valid
> argument.i am using openssl-0.9.8a version. Is this supported for this
> version or i have to go with some other version.

it should be supported in 0.9.8a but perhaps it has been disabled
in your version (in case you've installed the openssl header files
look at opensslconf.h, if there's a OPENSSL_NO_EC ec support has been
disabled) => try building a new version of openssl 0.9.8[a,b]

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



--
Regards,


Puneet Batura
Open Source Developer