*September 07, 2010, 06:48:50 AM
Welcome, Guest. Please login or register.
September 07, 2010, 06:48:50 AM

Login with username, password and session length
508 Posts in 100 Topics by 101 Members - Latest Member: savanah34
Search:     Advanced search
StrongAuth, Inc. Forums
* Home Help Search Login Register
« previous next »
Pages: [1] Print
Author Topic: Specifying custom ECDSA curve parameters  (Read 4743 times)
arshadnoor
Administrator
Full Member
*****
Posts: 212


View Profile
« on: January 17, 2007, 01:09:02 PM »
CSRTool is capable of generating key-pairs based on the standard ANSI X9.62 named curves.  However if you are so inclined, you can also specify your own curve parameters for the key-generation process. 

CSRTool uses the following properties in the csrtool.properties file (or csrtool_<lang>_<COUNTRY>.properties file - as in csrtool_en_US.properties - if you are using a localized version of CSRTool):

csrtool.ecdsa.curve.custom.P=6277101735386680763835789423207666416083908700390324961279
csrtool.ecdsa.curve.custom.A=fffffffffffffffffffffffffffffffefffffffffffffffc
csrtool.ecdsa.curve.custom.B=64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1
csrtool.ecdsa.curve.custom.N=6277101735386680763835789423176059013767194773182842284081
csrtool.ecdsa.curve.custom.Gx=188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012
csrtool.ecdsa.curve.custom.Gy=07192b95ffc8da78631011ed6b24cdd573f977a11e794811
csrtool.ecdsa.curve.custom.H=1

csrtool.ecdsa.curve.custom.A.base=16
csrtool.ecdsa.curve.custom.B.base=16
csrtool.ecdsa.curve.custom.Gx.base=16
csrtool.ecdsa.curve.custom.Gy.base=16
csrtool.ecdsa.curve.custom.H.base=10
csrtool.ecdsa.curve.custom.N.base=10
csrtool.ecdsa.curve.custom.P.base=10

You can specify your own values for the curve parameters (see http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf for details) by either modifying the csrtool.properties file in the main distribution or by creating a csrtool.properties in your HOME directory with these properties.   If you don't want to rebuild CSRTool, then you will need to unjar csrtool.jar, edit the csrtool.properties file with your parameter values, re-jar csrtool.jar with the new values and execute CSRTool.  Alternatively, you can edit the property values and rebuild CSRTool (http://www.strongauth.com/forum/index.php?topic=4.0) to create a new csrtool.jar file.

CSRTool always checks your HOME directory (usually /home/<userid>  on Linux/UNIX and C:\Documents and Settings\<userid>\ on Windows) for a csrtool.properties file and uses the properties defined there (if any) before looking at the systemwide csrtool.properties file in the distribution. 

The P, A, B, N, Gx, Gy and H parameters can be specified in either decimal (base 10) or hexadecimal (base 16) values.  You can mix values with different bases, but no matter which base you use, you MUST specify the "base" for each parameter in the same properties file.

When using csrtool.properties in your HOME directory, you do not need to recompile CSRTool; just restarting it will read in the new values.  If you use a Shell/CommandTool window to start CSRTool, the output in that window will indicate whether the parameters came from the HOME directory of the user, or from the systemwide properties file.
Logged
Pages: [1] Print
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.1 | SMF © 2006, Simple Machines LLC
Themis design by Bloc 		Valid XHTML 1.0! Valid CSS!