Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ECDSA curves for private key

    Scheduled Pinned Locked Moved
    ACME
    2
    3
    349
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JeGrJ
      JeGr LAYER 8 Moderator
      last edited by

      Hi,

      which private key ECDSA curves does acme handle or is it down to the OpenSSL library of the system?
      As we can only select 256-bit or 284-bit ECDSA there's no choice about which curve is selected. With Buypass for example this fails as neither option seems to select the secpXXXr1 or primeXXXv1 curves that are necessary.

      Would be appreciated if we could select secp256r1 and secp384r1 specifically (and/or brainpool for that matter) :)

      Greets

      Don't forget to upvote πŸ‘ those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Looks like it's hardcoded in acme.sh:

        https://github.com/Neilpang/acme.sh/blob/master/acme.sh#L980

            if [ "$length" = "256" ]; then
      eccname="prime256v1"
    fi
    if [ "$length" = "384" ]; then
      eccname="secp384r1"
    fi
    if [ "$length" = "521" ]; then
      eccname="secp521r1"
    fi

        Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • JeGrJ
          JeGr LAYER 8 Moderator
          last edited by

          Strange that a test cert with Buypass explicitly mentioned not being in the supported 'prime256 ' after creating a 256bit curve setting then πŸ€”
          I have to test again it seems!

          Don't forget to upvote πŸ‘ those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post