EDDSA test results

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

EDDSA test results

Robert Moskowitz
I have followed the procedure I made for ECDSA certs in:

draft-moskowitz-ecdsa-pki (an update is pending on typos I encountered
in this run through)

But making ED25519 certs instead.

Other than obvious changes (e.g. -algorithm ed25519) and hash
specification, I was successful.

My testing was done on a Fedora-armhfp-28-beta system providing openssl:

OpenSSL 1.1.1-pre8 (beta) FIPS 20 Jun 2018

I am going to assume that PR6901 will go into the next beta and I can
drop the '-md null' from some command lines and do not have to make
special .cnf files without md_default lines.

I will test this on the next beta to be sure (trust, but verify!)

Remaining to do:

Using the tree command, here are some certificate size comparisons

                       ECDSA     ED25519

Root cert               826         737

Intermedicate CA cert   806         721

Client cert             944         834

Server cert            1086         971



thank you for making ED25519 available!

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: EDDSA test results

Robert Moskowitz
Oops.  That is the Fedora 29 beta...

On 08/10/2018 04:44 PM, Robert Moskowitz wrote:

> I have followed the procedure I made for ECDSA certs in:
>
> draft-moskowitz-ecdsa-pki (an update is pending on typos I encountered
> in this run through)
>
> But making ED25519 certs instead.
>
> Other than obvious changes (e.g. -algorithm ed25519) and hash
> specification, I was successful.
>
> My testing was done on a Fedora-armhfp-28-beta system providing openssl:
>
> OpenSSL 1.1.1-pre8 (beta) FIPS 20 Jun 2018
>
> I am going to assume that PR6901 will go into the next beta and I can
> drop the '-md null' from some command lines and do not have to make
> special .cnf files without md_default lines.
>
> I will test this on the next beta to be sure (trust, but verify!)
>
> Remaining to do:
>
> Using the tree command, here are some certificate size comparisons
>
>                       ECDSA     ED25519
>
> Root cert               826         737
>
> Intermedicate CA cert   806         721
>
> Client cert             944         834
>
> Server cert            1086         971
>
>
>
> thank you for making ED25519 available!
>

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users