0010081: wrong key length for nistP521

ID	Project	Category	View Status	Date Submitted	Last Update

0010081	10000-007: Profiles	Spec	public	2024-12-12 14:30	2024-12-12 14:30

Reporter	Bernd Edlinger	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open

Summary	0010081: wrong key length for nistP521
Description	In the profile reporting under [CertificateKeyAlgorithm_ECC-nistP384] https://profiles.opcfoundation.org/conformanceunit/2444 I see this: "The P-384 or P-521 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big-endian integers padded with zeros. Signatures and keys are 96 bytes or 128 bytes." But it is complete nonsense to say that Signatures or keys of nistP521 are 128 Bytes, because they are (521+7)/8 * 2 = 132 raw bytes. However it is completely misleading to point that out, because the ECC_nistP384 protocol is not expected to use raw ECDSA signatures, or ephemeral keys of that type, if they are used those are DER-encoded signatures embedded in a certificate.
Tags	No tags attached.

Commit Version
Fix Due Date

Date Modified	Username	Field	Change
2024-12-12 14:30	Bernd Edlinger	New Issue