0010081: wrong key length for nistP521 - MantisBT

10000-007: Profiles
- - All Projects
  - .NET API
  - Certification
  - Compliance Test Tool (CTT) COM Classic
  - Compliance Test Tool (CTT) Unified Architecture
  - CTT UA Binary
  - CTT UA Help
  - CTT UA Package
  - CTT UA Scripts
  - CTT UA Test Case
  - OPC Analyzer
  - Safety Compliance Test Tool (UASCTT)
  - UASCTT Documentation
  - UASCTT Software
  - Specifications
  - Classic DA Client
  - Classic DA Server
  - Safety Test Document
  - UA Client - Certification tests
  - UA Server - Certification tests
  - COM/XML Sample Code
  - COM-AE Sample Code
  - COM-DA Sample Code
  - COM-HDA Sample Code
  - XML-DA Sample Code
  - Core Components
  - OpenSCS
  - UA
  - Field eXchange (UAFX)
  - Part 80: UAFX Overview and Concepts [sg.Architecture]
  - Part 81: UAFX Connecting Devices and Information Model [sg.BaseFacet]
  - Part 82: UAFX Networking [sg.Networking]
  - Part 83: UAFX Offline Engineering [sg.OfflineEngineering]
  - Part 84: UAFX Profiles
  - sg.I/O
  - sg.Instrumentation
  - sg.Motion
  - UAFX Nodeset
  - UAFX Testing (CTT) [sg.TestDevelopment]
  - Information Models
  - 10000-100: Devices
  - 10000-110: Asset Management Basics
  - 10000-200: Industrial Automation - Basics
  - 10000-210: Industrial Automation - Relative Spatial Location
  - 10020: Analyzer Device Integration (ADI)
  - 10030: ISA-95
  - 10031: ISA 95 Job Control
  - 10040: IEC 61850
  - 10100-1: WOT Connectivity
  - 11020: Companion Spec Template
  - 30000: PLCopen
  - 30010: AutoID
  - 30020: MDIS
  - 30030: BACnet
  - 30040: AutomationML
  - 30050: PackML
  - 30060: TMC
  - 30070: MTConnect
  - 30081: PADIM
  - 30090: FDT
  - 30110: Powerlink
  - 30120: IO-Link
  - 30130: CCLink (CSP+ForMachine)
  - 30140: PROFINET
  - 30170: ODVA-CIP
  - 30170: ODVA-CIP: 01: Promises
  - 30170: ODVA-CIP: 02: User Stories
  - 30170: ODVA-CIP: 03: Requirements
  - 30200: Commercial Kitchen Equipment
  - 30250: DEXPI
  - 30270: I4AAS
  - 30400: UA Cloud LIbrary
  - 34100: Energy Consumption Management
  - 40001: Machinery
  - 40010: Robotics
  - 40010-1: Robotics-1: Vertical integration
  - 400nn: PlasticsRubber
  - 40077: PlasticsRubber IMM2MES
  - 40082-1: PlasticsRubber TCD
  - 40082-2: PlasticsRubber HotRunner
  - 40082-3: PlasticsRubber LDS
  - 40082-5: PlasticsRubber Moulds
  - 40083: PlasticsRubber
  - 40083: PlasticsRubber GeneralTypes
  - 40084: PlasticsRubber Extrusion
  - 40084-10: PlasticsRubber Extrusion Calibrator
  - 40084-11: PlasticsRubber Extrusion Corrugator
  - 40084-12: PlasticsRubber Extrusion Calender
  - 40084-1: PlasticsRubber Extrusion GeneralTypes
  - 40084-2: PlasticsRubber Extrusion ExtrusionLine
  - 40084-3: PlasticsRubber Extrusion Extruder
  - 40084-4: PlasticsRubber Extrusion HaulOff
  - 40084-5: PlasticsRubber Extrusion MeltPump
  - 40084-6: PlasticsRubber Extrusion Filter
  - 40084-7: PlasticsRubber Extrusion Die
  - 40084-8: PlasticsRubber Extrusion Pelletizer
  - 40084-9: PlasticsRubber Extrusion Cutter
  - 40100: Machine Vision
  - 40100-1: MachineVision-1: Control and more
  - 40200: Weighing Technology
  - 40210: Geometric Measuring Systems
  - 40223: Pumps and Vacuum Pumps
  - 40250: Compressed Air
  - 40301: Flat Glass
  - 40351: High Pressure Die Casting (HPDC)
  - 40400-1: Powertrain
  - 40450: Joining
  - 40450-1: IJT Joining System – Base
  - 40451: Tightening
  - 40451-1: IJT Tightening System – General
  - 40501: MachineTool
  - 40501-1: MachineTool-1: Monitoring and Job
  - 40502: CNC
  - 40550: Woodworking Machinery
  - 4056n: Mining
  - 40560: Mining General
  - 40561: Mining Extraction Equipment
  - 40562: Mining Loading Equipment
  - 40563: Mining Transport And Dumping Equipment
  - 40564: Mining Mineral Processing Equipment
  - 40565: Mining Development And Support Equipment
  - 40566: Mining Monitoring And Supervision Services
  - 40567: Mining PELO Services
  - 40569: Mining Application And Use Cases
  - 40701: Cleaning-Pretreatment Surface Technology
  - UA Specification
  - 10000-001: Concepts
  - 10000-002: Security
  - 10000-003: Address Space
  - 10000-004: Services
  - 10000-005: Information Model
  - 10000-006: Mappings
  - 10000-007: Profiles
  - 10000-008: Data Access
  - 10000-009: Alarms and Conditions
  - 10000-010: Programs
  - 10000-011: Historical Access
  - 10000-012: Discovery
  - 10000-013: Aggregates
  - 10000-014: PubSub
  - 10000-015: Safety
  - UA Safety Stack
  - UA Safety Stack - Documentation
  - UA Safety Stack - Source Code
  - 10000-016: State Machines
  - 10000-017: Alias Names
  - 10000-018: Role-Based Security
  - 10000-019: Dictionary Reference
  - 10000-020: File Transfer
  - 10000-021: Device Onboarding
  - 10000-022: Base Network Model
  - 10000-023: Common ReferenceTypes
  - 10000-024: Scheduler
  - 10000-025: ObjectSerialization
  - 10000-026: LogObject
  - 10000-110: Asset Management Basics
  - 10000-120: XML Data Type Mapping
  - 10000-200: Industrial Automation - Basics
  - 10000-210: Industrial Automation - Relative Spatial Location
  - Code Generators
  - ModelValidator
  - Feature Requests
  - NodeSets, XSDs and Generated Code
  - Website
  - IOP App
  - Online Reference
  - Profiles Application
  - Teams
  - Whitepapers - 22***
  - OPC-11030: UA Modelling Best Practices
  - Wireshark plug-in
anonymous

ID	Project	Category	View Status	Date Submitted	Last Update

0010081	10000-007: Profiles	Spec	public	2024-12-12 14:30	2025-01-14 16:56

Reporter	Bernd Edlinger	Assigned To	Randy Armstrong
Priority	high	Severity	major	Reproducibility	always
Status	assigned	Resolution	open

Summary	0010081: wrong key length for nistP521
Description	In the profile reporting under [CertificateKeyAlgorithm_ECC-nistP384] https://profiles.opcfoundation.org/conformanceunit/2444 I see this: "The P-384 or P-521 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big-endian integers padded with zeros. Signatures and keys are 96 bytes or 128 bytes." But it is complete nonsense to say that Signatures or keys of nistP521 are 128 Bytes, because they are (521+7)/8 * 2 = 132 raw bytes. However it is completely misleading to point that out, because the ECC_nistP384 protocol is not expected to use raw ECDSA signatures, or ephemeral keys of that type, if they are used those are DER-encoded signatures embedded in a certificate.
Tags	No tags attached.

Commit Version
Fix Due Date

Date Modified	Username	Field	Change
2024-12-12 14:30	Bernd Edlinger	New Issue
2025-01-14 16:55	Jim Luth	Assigned To	=> Randy Armstrong
2025-01-14 16:55	Jim Luth	Status	new => assigned
2025-01-14 16:56	Jim Luth	Priority	normal => high
2025-01-14 16:56	Jim Luth	Severity	minor => major