openssl3.2 - exp - 选择最好的内建椭圆曲线

文章目录

    • openssl3.2 - exp - 选择最好的内建椭圆曲线
    • 概述
    • 笔记
    • 将 openssl ecparam -list_curves 实现迁移到自己的demo工程
    • 备注
    • END

openssl3.2 - exp - 选择最好的内建椭圆曲线

概述

在openssl中使用椭圆曲线, 只允许选择椭圆曲线的名字, 无法给定椭圆曲线的位数.
估计每种椭圆曲线都有固定的位数(bit prime field)
openssl.exe有命令可以列出全部的椭圆曲线列表

openssl ecparam -list_curves


D:\my_tmp>openssl ecparam -list_curvessecp112r1 : SECG/WTLS curve over a 112 bit prime fieldsecp112r2 : SECG curve over a 112 bit prime fieldsecp128r1 : SECG curve over a 128 bit prime fieldsecp128r2 : SECG curve over a 128 bit prime fieldsecp160k1 : SECG curve over a 160 bit prime fieldsecp160r1 : SECG curve over a 160 bit prime fieldsecp160r2 : SECG/WTLS curve over a 160 bit prime fieldsecp192k1 : SECG curve over a 192 bit prime fieldsecp224k1 : SECG curve over a 224 bit prime fieldsecp224r1 : NIST/SECG curve over a 224 bit prime fieldsecp256k1 : SECG curve over a 256 bit prime fieldsecp384r1 : NIST/SECG curve over a 384 bit prime fieldsecp521r1 : NIST/SECG curve over a 521 bit prime fieldprime192v1: NIST/X9.62/SECG curve over a 192 bit prime fieldprime192v2: X9.62 curve over a 192 bit prime fieldprime192v3: X9.62 curve over a 192 bit prime fieldprime239v1: X9.62 curve over a 239 bit prime fieldprime239v2: X9.62 curve over a 239 bit prime fieldprime239v3: X9.62 curve over a 239 bit prime fieldprime256v1: X9.62/SECG curve over a 256 bit prime fieldsect113r1 : SECG curve over a 113 bit binary fieldsect113r2 : SECG curve over a 113 bit binary fieldsect131r1 : SECG/WTLS curve over a 131 bit binary fieldsect131r2 : SECG curve over a 131 bit binary fieldsect163k1 : NIST/SECG/WTLS curve over a 163 bit binary fieldsect163r1 : SECG curve over a 163 bit binary fieldsect163r2 : NIST/SECG curve over a 163 bit binary fieldsect193r1 : SECG curve over a 193 bit binary fieldsect193r2 : SECG curve over a 193 bit binary fieldsect233k1 : NIST/SECG/WTLS curve over a 233 bit binary fieldsect233r1 : NIST/SECG/WTLS curve over a 233 bit binary fieldsect239k1 : SECG curve over a 239 bit binary fieldsect283k1 : NIST/SECG curve over a 283 bit binary fieldsect283r1 : NIST/SECG curve over a 283 bit binary fieldsect409k1 : NIST/SECG curve over a 409 bit binary fieldsect409r1 : NIST/SECG curve over a 409 bit binary fieldsect571k1 : NIST/SECG curve over a 571 bit binary fieldsect571r1 : NIST/SECG curve over a 571 bit binary fieldc2pnb163v1: X9.62 curve over a 163 bit binary fieldc2pnb163v2: X9.62 curve over a 163 bit binary fieldc2pnb163v3: X9.62 curve over a 163 bit binary fieldc2pnb176v1: X9.62 curve over a 176 bit binary fieldc2tnb191v1: X9.62 curve over a 191 bit binary fieldc2tnb191v2: X9.62 curve over a 191 bit binary fieldc2tnb191v3: X9.62 curve over a 191 bit binary fieldc2pnb208w1: X9.62 curve over a 208 bit binary fieldc2tnb239v1: X9.62 curve over a 239 bit binary fieldc2tnb239v2: X9.62 curve over a 239 bit binary fieldc2tnb239v3: X9.62 curve over a 239 bit binary fieldc2pnb272w1: X9.62 curve over a 272 bit binary fieldc2pnb304w1: X9.62 curve over a 304 bit binary fieldc2tnb359v1: X9.62 curve over a 359 bit binary fieldc2pnb368w1: X9.62 curve over a 368 bit binary fieldc2tnb431r1: X9.62 curve over a 431 bit binary fieldwap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary fieldwap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary fieldwap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary fieldwap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary fieldwap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime fieldwap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime fieldwap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime fieldwap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime fieldwap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary fieldwap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary fieldwap-wsg-idm-ecid-wtls12: WTLS curve over a 224 bit prime fieldOakley-EC2N-3:IPSec/IKE/Oakley curve #3 over a 155 bit binary field.Not suitable for ECDSA.Questionable extension field!Oakley-EC2N-4:IPSec/IKE/Oakley curve #4 over a 185 bit binary field.Not suitable for ECDSA.Questionable extension field!brainpoolP160r1: RFC 5639 curve over a 160 bit prime fieldbrainpoolP160t1: RFC 5639 curve over a 160 bit prime fieldbrainpoolP192r1: RFC 5639 curve over a 192 bit prime fieldbrainpoolP192t1: RFC 5639 curve over a 192 bit prime fieldbrainpoolP224r1: RFC 5639 curve over a 224 bit prime fieldbrainpoolP224t1: RFC 5639 curve over a 224 bit prime fieldbrainpoolP256r1: RFC 5639 curve over a 256 bit prime fieldbrainpoolP256t1: RFC 5639 curve over a 256 bit prime fieldbrainpoolP320r1: RFC 5639 curve over a 320 bit prime fieldbrainpoolP320t1: RFC 5639 curve over a 320 bit prime fieldbrainpoolP384r1: RFC 5639 curve over a 384 bit prime fieldbrainpoolP384t1: RFC 5639 curve over a 384 bit prime fieldbrainpoolP512r1: RFC 5639 curve over a 512 bit prime fieldbrainpoolP512t1: RFC 5639 curve over a 512 bit prime fieldSM2       : SM2 curve over a 256 bit prime field

比较每种椭圆曲线的质数域位数, 挑出最大的那个.

sect571k1 : NIST/SECG curve over a 571 bit binary field
sect571r1 : NIST/SECG curve over a 571 bit binary field

可知, 质数域位数最大的椭圆曲线有2个 : sect571k1 或者 sect571r1, 位数都是571位.

笔记

将 openssl ecparam -list_curves 实现迁移到自己的demo工程

想看看官方怎么实现的这个命令.

/*!
* \file exp017_ecparam_list_curves.cpp
* \note 看看openssl如何实现命令 openssl ecparam -list_curves
*/#include "my_openSSL_lib.h"
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/ec.h>
#include <openssl/objects.h>#include <stdlib.h>
#include <stdio.h>
#include <assert.h>#include "CMemHookRec.h"void my_openssl_app();
int list_builtin_curves(BIO* out);int main(int argc, char** argv)
{setvbuf(stdout, NULL, _IONBF, 0); // 清掉stdout缓存, 防止调用printf时阻塞mem_hook();my_openssl_app();mem_unhook();/*! run resultlist_builtin_curves, cnt = 82--------------------secp112r1           : -20SECG/WTLS curve over a 112 bit prime fieldsecp112r2           : -20SECG curve over a 112 bit prime fieldsecp128r1           : -20SECG curve over a 128 bit prime fieldsecp128r2           : -20SECG curve over a 128 bit prime fieldsecp160k1           : -20SECG curve over a 160 bit prime fieldsecp160r1           : -20SECG curve over a 160 bit prime fieldsecp160r2           : -20SECG/WTLS curve over a 160 bit prime fieldsecp192k1           : -20SECG curve over a 192 bit prime fieldsecp224k1           : -20SECG curve over a 224 bit prime fieldsecp224r1           : -20NIST/SECG curve over a 224 bit prime fieldsecp256k1           : -20SECG curve over a 256 bit prime fieldsecp384r1           : -20NIST/SECG curve over a 384 bit prime fieldsecp521r1           : -20NIST/SECG curve over a 521 bit prime fieldprime192v1          : -20NIST/X9.62/SECG curve over a 192 bit prime fieldprime192v2          : -20X9.62 curve over a 192 bit prime fieldprime192v3          : -20X9.62 curve over a 192 bit prime fieldprime239v1          : -20X9.62 curve over a 239 bit prime fieldprime239v2          : -20X9.62 curve over a 239 bit prime fieldprime239v3          : -20X9.62 curve over a 239 bit prime fieldprime256v1          : -20X9.62/SECG curve over a 256 bit prime fieldsect113r1           : -20SECG curve over a 113 bit binary fieldsect113r2           : -20SECG curve over a 113 bit binary fieldsect131r1           : -20SECG/WTLS curve over a 131 bit binary fieldsect131r2           : -20SECG curve over a 131 bit binary fieldsect163k1           : -20NIST/SECG/WTLS curve over a 163 bit binary fieldsect163r1           : -20SECG curve over a 163 bit binary fieldsect163r2           : -20NIST/SECG curve over a 163 bit binary fieldsect193r1           : -20SECG curve over a 193 bit binary fieldsect193r2           : -20SECG curve over a 193 bit binary fieldsect233k1           : -20NIST/SECG/WTLS curve over a 233 bit binary fieldsect233r1           : -20NIST/SECG/WTLS curve over a 233 bit binary fieldsect239k1           : -20SECG curve over a 239 bit binary fieldsect283k1           : -20NIST/SECG curve over a 283 bit binary fieldsect283r1           : -20NIST/SECG curve over a 283 bit binary fieldsect409k1           : -20NIST/SECG curve over a 409 bit binary fieldsect409r1           : -20NIST/SECG curve over a 409 bit binary fieldsect571k1           : -20NIST/SECG curve over a 571 bit binary field // !!! best one sect571r1           : -20NIST/SECG curve over a 571 bit binary field // !!! best onec2pnb163v1          : -20X9.62 curve over a 163 bit binary fieldc2pnb163v2          : -20X9.62 curve over a 163 bit binary fieldc2pnb163v3          : -20X9.62 curve over a 163 bit binary fieldc2pnb176v1          : -20X9.62 curve over a 176 bit binary fieldc2tnb191v1          : -20X9.62 curve over a 191 bit binary fieldc2tnb191v2          : -20X9.62 curve over a 191 bit binary fieldc2tnb191v3          : -20X9.62 curve over a 191 bit binary fieldc2pnb208w1          : -20X9.62 curve over a 208 bit binary fieldc2tnb239v1          : -20X9.62 curve over a 239 bit binary fieldc2tnb239v2          : -20X9.62 curve over a 239 bit binary fieldc2tnb239v3          : -20X9.62 curve over a 239 bit binary fieldc2pnb272w1          : -20X9.62 curve over a 272 bit binary fieldc2pnb304w1          : -20X9.62 curve over a 304 bit binary fieldc2tnb359v1          : -20X9.62 curve over a 359 bit binary fieldc2pnb368w1          : -20X9.62 curve over a 368 bit binary fieldc2tnb431r1          : -20X9.62 curve over a 431 bit binary fieldwap-wsg-idm-ecid-wtls1: -20WTLS curve over a 113 bit binary fieldwap-wsg-idm-ecid-wtls3: -20NIST/SECG/WTLS curve over a 163 bit binary fieldwap-wsg-idm-ecid-wtls4: -20SECG curve over a 113 bit binary fieldwap-wsg-idm-ecid-wtls5: -20X9.62 curve over a 163 bit binary fieldwap-wsg-idm-ecid-wtls6: -20SECG/WTLS curve over a 112 bit prime fieldwap-wsg-idm-ecid-wtls7: -20SECG/WTLS curve over a 160 bit prime fieldwap-wsg-idm-ecid-wtls8: -20WTLS curve over a 112 bit prime fieldwap-wsg-idm-ecid-wtls9: -20WTLS curve over a 160 bit prime fieldwap-wsg-idm-ecid-wtls10: -20NIST/SECG/WTLS curve over a 233 bit binary fieldwap-wsg-idm-ecid-wtls11: -20NIST/SECG/WTLS curve over a 233 bit binary fieldwap-wsg-idm-ecid-wtls12: -20WTLS curve over a 224 bit prime fieldOakley-EC2N-3       : -20IPSec/IKE/Oakley curve #3 over a 155 bit binary field.Not suitable for ECDSA.Questionable extension field!Oakley-EC2N-4       : -20IPSec/IKE/Oakley curve #4 over a 185 bit binary field.Not suitable for ECDSA.Questionable extension field!brainpoolP160r1     : -20RFC 5639 curve over a 160 bit prime fieldbrainpoolP160t1     : -20RFC 5639 curve over a 160 bit prime fieldbrainpoolP192r1     : -20RFC 5639 curve over a 192 bit prime fieldbrainpoolP192t1     : -20RFC 5639 curve over a 192 bit prime fieldbrainpoolP224r1     : -20RFC 5639 curve over a 224 bit prime fieldbrainpoolP224t1     : -20RFC 5639 curve over a 224 bit prime fieldbrainpoolP256r1     : -20RFC 5639 curve over a 256 bit prime fieldbrainpoolP256t1     : -20RFC 5639 curve over a 256 bit prime fieldbrainpoolP320r1     : -20RFC 5639 curve over a 320 bit prime fieldbrainpoolP320t1     : -20RFC 5639 curve over a 320 bit prime fieldbrainpoolP384r1     : -20RFC 5639 curve over a 384 bit prime fieldbrainpoolP384t1     : -20RFC 5639 curve over a 384 bit prime fieldbrainpoolP512r1     : -20RFC 5639 curve over a 512 bit prime fieldbrainpoolP512t1     : -20RFC 5639 curve over a 512 bit prime fieldSM2                 : -20SM2 curve over a 256 bit prime field--------------------free map, g_mem_hook_map.size() = 0*/return 0;
}void my_openssl_app()
{BIO* bio_out = NULL;do {bio_out = BIO_new_fp(stdout, 0);if (NULL == bio_out){break;}list_builtin_curves(bio_out);} while (false);if (NULL != bio_out){BIO_free(bio_out);bio_out = NULL;}
}int list_builtin_curves(BIO* out)
{int ret = 0;EC_builtin_curve* curves = NULL;size_t n, crv_len = EC_get_builtin_curves(NULL, 0);BIO_printf(out, "list_builtin_curves, cnt = %d\n", crv_len);curves = (EC_builtin_curve*)OPENSSL_malloc(sizeof(*curves) * crv_len);if (!EC_get_builtin_curves(curves, crv_len)){BIO_printf(out, "err\n");goto end;}BIO_printf(out, "--------------------\n");for (n = 0; n < crv_len; n++) {const char* comment = curves[n].comment;const char* sname = OBJ_nid2sn(curves[n].nid);if (comment == NULL)comment = "CURVE DESCRIPTION NOT AVAILABLE";if (sname == NULL)sname = "";BIO_printf(out, "  %-20s: -20%s\n", sname, comment);}BIO_printf(out, "--------------------\n");ret = 1;
end:OPENSSL_free(curves);return ret;
}

备注

在这里插入图片描述
从查到的资料看, ECC521就比普通的RSA位数强多了.
现在主流网站用的RSA证书位数都是4096(e.g. MS主站)
sect571k1, sect571r1的位数是571位, 强度应该更高吧.

END

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.hqwc.cn/news/535643.html

如若内容造成侵权/违法违规/事实不符,请联系编程知识网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

GPT实战系列-LangChain构建自定义Agent

GPT实战系列-LangChain构建自定义Agent

GPT实战系列-LangChain构建自定义Agent LangChain GPT实战系列-LangChain如何构建基通义千问的多工具链 GPT实战系列-构建多参数的自定义LangChain工具 GPT实战系列-通过Basetool构建自定义LangChain工具方法 GPT实战系列-一种构建LangChain自定义Tool工具的简单方法 GPT…
阅读更多...
AI减肥小助手:科学减重,启动更美好的自己

AI减肥小助手:科学减重,启动更美好的自己

AI健身伙伴助力减肥大计 新的一年开始了&#xff0c;看完《热辣滚汤》是不是已经迫不及待地计划着自己的新年目标了呢&#xff1f; 如果您的其中一个目标是减肥&#xff0c;那么今年就让AI成为您的年度健身伙伴吧&#xff01;在本文中&#xff0c;我们将分享如何利用AI来制定并…
阅读更多...
银河麒麟V10SP3操作系统-网络时间配置

银河麒麟V10SP3操作系统-网络时间配置

1、动态网络配置 打开终端&#xff0c;以网口 eth0 为例&#xff1a; nmcli conn add connection.id eth0-dhcp type ether ifname eth0 ipv4.method auto其中“eth0-dhcp”为连接的名字&#xff0c;可以根据自己的需要命名方便记忆和操作 的名字&#xff1b;“ifname eth0”…
阅读更多...
基于SpringBoot+MYSQL的旅游网站

基于SpringBoot+MYSQL的旅游网站

目录 1、前言介绍 2、主要技术 3、系统流程分析 1、登录流程图如下&#xff1a; 2、管理员后台管理流程图如下&#xff1a; 3. 修改密码流程图如下&#xff1a; 4、系统设计 4.1、系统结构设计 4.2 数据库概述 4.2.1 数据库概念设计 4.2.2 数据库逻辑设计 5、运行截…
阅读更多...
在Linux中进行OpenSSH升级

在Linux中进行OpenSSH升级

由于OpenSSH有严重漏洞&#xff0c;因此需要升级OpenSSH到最新版本。 OpenSSL和OpenSSH都要更新&#xff0c;OpenSSH依赖于OpenSSL。 第一步&#xff0c;查看当前的OpenSSH服务版本。 命令&#xff1a;ssh -V 第二步&#xff0c;安装、启动telnet&#xff0c;关闭安全文件&a…
阅读更多...
案例分析篇12:可靠性设计考点(2024年软考高级系统架构设计师冲刺知识点总结系列文章)

案例分析篇12:可靠性设计考点(2024年软考高级系统架构设计师冲刺知识点总结系列文章)

专栏系列文章推荐: 2024高级系统架构设计师备考资料(高频考点&真题&经验)https://blog.csdn.net/seeker1994/category_12593400.html 【历年案例分析真题考点汇总】与【专栏文章案例分析高频考点目录】(2024年软考高级系统架构设计师冲刺知识点总结-案例分析篇-…
阅读更多...
【C++那些事儿】深入理解C++类与对象:从概念到实践(下)| 再谈构造函数(初始化列表)| explicit关键字 | static成员 | 友元

【C++那些事儿】深入理解C++类与对象:从概念到实践(下)| 再谈构造函数(初始化列表)| explicit关键字 | static成员 | 友元

&#x1f4f7; 江池俊&#xff1a;个人主页 &#x1f525; 个人专栏&#xff1a;✅C那些事儿 ✅Linux技术宝典 &#x1f305; 此去关山万里&#xff0c;定不负云起之望 文章目录 1. 再谈构造函数1.1 构造函数体赋值1.2 初始化列表1.3 explicit 关键字 2. static成员2.1 概念…
阅读更多...
【NestJS 编程艺术】3. 探索NestJS的高效开发:nest-cli的全面指南

【NestJS 编程艺术】3. 探索NestJS的高效开发:nest-cli的全面指南

在现代的 Node.js 服务端开发中&#xff0c;NestJS 以其优雅的架构和强大的功能集成为了开发者的首选框架之一。而这一切的起点&#xff0c;都始于nestjs/cli这个强大的命令行工具。本文将深入探讨nest-cli的核心功能&#xff0c;帮助开发者高效地创建、构建和管理 NestJS 项目…
阅读更多...
Unity2019.2.x 导出apk 安装到安卓Android12+及以上的系统版本 安装出现-108 安装包似乎无效的解决办法

Unity2019.2.x 导出apk 安装到安卓Android12+及以上的系统版本 安装出现-108 安装包似乎无效的解决办法

Unity2019.2.x 导出apk 安装到安卓Android12及以上的系统版本 安装出现-108 安装包似乎无效的解决办法 导出AndroidStudio工程后 需要设置 build.gradle文件 // GENERATED BY UNITY. REMOVE THIS COMMENT TO PREVENT OVERWRITING WHEN EXPORTING AGAINbuildscript {repositor…
阅读更多...
性能测试总结 —— 测试流程篇!

性能测试总结 —— 测试流程篇!

本文主要介绍下性能测试的基本流程&#xff0c;性能测试从实际执行层面来看&#xff0c;测试的过程一般分为这么几个阶段&#xff0c;如下图&#xff1a;       下面分别介绍下每个阶段具体需要做什么&#xff1a; 一、性能需求分析&#xff1a; 性能需求分析是整个性能…
阅读更多...
MYSQL 主从不一致的原因分析

MYSQL 主从不一致的原因分析

数据库作为存储数据的组件&#xff0c;数据的一致性一定是要保证的前提&#xff0c;今天给出两个场景来分析数据不一致的原因。 binlog同步模式导致主从不一致 在MYSQL 中主库向从库同步数据是利用binlog记录修改操作&#xff0c;然后将binlog传递给从库进行复制&#xff0c;…
阅读更多...
独家原创!微电网OR综合能源系统用户用电行为分析程序代码!

独家原创!微电网OR综合能源系统用户用电行为分析程序代码!

适用平台&#xff1a;MatlabYalmipCplex 程序以含分布式新能源、储能、微型燃气轮机作为主要电力来源&#xff0c;以照明设备、电视、洗衣机和空调等主要家庭用电设备作为电负荷&#xff0c;仿真了3种典型家庭用户的用电行为。程序算例丰富、注释清晰、干货满满&#xff0c;可…
阅读更多...
推荐文章
最新文章

Copyright @ 2022~2023