View Issue Details

ID: 0010049
Project: 10000-007: Profiles
Category: Spec
View Status: public
Last Update: 2024-12-04 05:55
Reporter: Bernd Edlinger
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Summary: 0010049: ECC_nistP256 and ECC_nistP384 are meant to be interoperable
Description

That means, an ECC_nistP384 application instance certificate can
use ECC_nistP384 and ECC_nistP256 security profiles, but from
the profile reporting tool this information either disallows that
or is at least misleading:

ECC-nistP256_Limits:
-> DerivedSignatureKeyLength = 256
-> EncryptionKeyLength=128
-> InitializationVectorLength=128
-> SignatureLength=256
-> MinAsymmetricKeyLength = 256 (ECC)
-> MaxAsymmetricKeyLength = 384 (ECC for CA Only)
-> SecureChannelNonceLength = 64

This should be MaxAsymmetricKeyLength = 384 (ECC)
and the AsymmetricSignatureAlgorithm_ECDSA-SHA2-256
should make it clear that the signature length is
64 bytes for nistP256 keys and 96 bytes for nistP384 keys
but hash function SHA2-256 is used in any case.
Only a nistP256 key cannot be used to create signatures
for the ECC_nistP384 profile.

Likewise ECC_brainpoolP256r1 and ECC_brainpoolP384r1 were meant
to be interoperable.

Tags: No tags attached.
Commit Version:
Fix Due Date:

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2024-12-04 05:55 Bernd Edlinger New Issue
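
The signature-length point in the description, as an added example (not part of the report or of the specification): Go standard-library ECDSA with SHA-256 on both curves, showing that the signature length follows the key's curve while the hash stays the same. The helper names `NewKey`, `SignRaw` and `VerifyRaw`, and the fixed-width r||s encoding (chosen to match the 64 and 96 byte lengths quoted above), are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Curves and key generation are wrapped so callers need no crypto imports.
var P256, P384 = elliptic.P256(), elliptic.P384()

func NewKey(c elliptic.Curve) (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(c, rand.Reader) }

// SignRaw signs SHA-256(msg) and returns fixed-width r||s: 64 bytes on P-256, 96 on P-384.
func SignRaw(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	size := (priv.Curve.Params().BitSize + 7) / 8
	return append(r.FillBytes(make([]byte, size)), s.FillBytes(make([]byte, size))...), nil
}

// VerifyRaw takes the expected length from the public key's curve, not from the profile name.
func VerifyRaw(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	size := (pub.Curve.Params().BitSize + 7) / 8
	if len(sig) != 2*size {
		return false
	}
	digest := sha256.Sum256(msg)
	r, s := new(big.Int).SetBytes(sig[:size]), new(big.Int).SetBytes(sig[size:])
	return ecdsa.Verify(pub, digest[:], r, s)
}

func main() {
	msg := []byte("constructed sample message")
	for _, c := range []elliptic.Curve{P256, P384} {
		priv, err := NewKey(c)
		if err != nil {
			panic(err)
		}
		sig, err := SignRaw(priv, msg)
		fmt.Println(c.Params().Name, len(sig), err, VerifyRaw(&priv.PublicKey, msg, sig))
	}
}
```

A receiver that sizes its signature buffer from the profile's SignatureLength value instead of the peer certificate's curve would reject or truncate the 96-byte case.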