Elliptic curve cryptography

Similar Messages

• Java Card and Elliptic Curves

  Hi all,
  has anyone ever used Elliptic Curve cryptography on a Java Card? I can't find any documentation and sample code about this topic, although it should be implemented in the new java card specifications.
  I would like to use ECC instead of RSA for encrypting a message and verifying a signature on a java card with a EC pubkey.
  If anyone could provide me with sample code or hints, that would be very helpful!
  Thanks in advance,
  Matthias

  has anyone ever used Elliptic Curve cryptography on a
  Java Card? I can't find any documentation and sample
  code about this topic, although it should be
  implemented in the new java card specifications.No, it can (not should) be implemented. The implementation of all cryptographic algorithms is optional.
  I would like to use ECC instead of RSA for encrypting
  a message and verifying a signature on a java card
  with a EC pubkey.
  If anyone could provide me with sample code or hints,
  that would be very helpful!The sample code wouldn't be too complicated to create (should be very similar to using RSA) but where do you execute this code? All emulators/simulators and the real Java Cards I know do not support ECC.
  I only heard rumours that "Trusted Logic" has Java Cards which support ECC, but I haven't checked that.
  Jan

• Elliptic Curve

  Hi to all, i'm an italian student and i must implements the BLS signature scheme in Java. BLS work on elliptic curve over finite field F3^m. I've seen elliptic curve in Java but over finite field F2^m. The question is: how i can do? Excuse me for my english and if something that i've write is wrong.
  Thanks to all.

  Hi,
  Firstly, please check if your card supports EC cryptography. You can find this information in product data sheet or ask the card manufacturer.
  I'm not sure if you can perform data encryption or decrytpion with ECC on JC. It is rather dedicated to sign/verify operation. Please find below modification of your sample code with sign and verify example.
          byte[] dataToSend = new byte[64];
          KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_128);
          ecKeyPair.genKeyPair();
          ECPrivateKey ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
          ECPublicKey ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
          Signature sig = Signature.getInstance(Signature.ALG_ECDSA_SHA, false);
          sig.init(ecPrivateKey, Signature.MODE_SIGN);
          short resLen = sig.sign(new byte[]{0,1,2,3}, (short)0, (short)4, dataToSend, (short)0);
          sig.init(ecPublicKey, Signature.MODE_VERIFY);
          if (!sig.verify(new byte[]{0,1,2,3}, (short)0, (short)4, dataToSend, (short)0, resLen))
              ISOException.throwIt(ISO7816.SW_WRONG_DATA);
  Regards

• What is the complexity of "Elliptic curve Pinstov Vanstone signature" algorithm?

  what is the complexity of "Elliptic curve Pinstov Vanstone signature" algorithm?

  Why do you ask? And why do you ask us?

• Elliptic curve coprocessor in JCOP

  I have some JCOP41/72K cards with support to ECC.
  I suppose the cards come with a coprocessor that performs the elliptic curve operations in binary fields, like reduction modulo irreducible polynomial and escalar multiplication of a point.
  I've already developed a signature scheme (ECDSA) in these cards using Java Card API.
  In ECDSA, the card performs all elliptic curve operations and gives the result.
  These operations are perfomed by the coprocessor in a transparent way when I ask to compute a ECDSA signature.
  Now I would like to develop other cryptosystems based on bilinear pairings.
  So I need to perform operations like reduction modulo irreducible polynomial and escalar multiplication of a point.
  Does anybody know if its possible to access the functionalities of the elliptic curve coprocessor of JCOP cards?
  If its possible, how can I do this?
  Thanks.

  Ok. Thanks for your reply.
  Please, could you answer the following questions or
  indicate where can I find the answers?
  - Is there a software like JCOP Tools to work with
  pure SmartMX cards? Is it free? No. You need to order pure SmartMX including the Crypto Lib from NXP directly .. best is you contact their product manager to find out the details and tools support.
  - Besides the card reader that I use to work with the
  MPCOS/GPK/GemXpresso/JCOP cards, is it necessary any
  other hardware?Probably an emulator.
  - Which programming language is used to program these
  cards? C and assembler.

• Flexiprovider, Elliptic curves

  Hi,
  has anyone used Flexi's class Point and PointGFP?
  Their arithmetic operations in particular and initializing a specific curve for them.
  Thanks!
  anyone? (:
  Edited by: sk16 on Apr 17, 2010 6:33 PM

  sk16 wrote:
  has anyone used Flexi's class Point and PointGFP?I suspect that a lot of people have used these classes either directly or indirectly since they are part of the core of the Flexi encryption libraries.

• Elliptic curve encryption with J2ME

  hi there.
  i'm using the bouncycastle apis to encrypt a small amount of data (e.g. 20 chars) using ECIES. All the documentation seems to point to ECC as being faster/requiring shorter keys/less power-hungry etc than RSA, however, with the example code I have, the encryption time on a high end mobile is ridiculous.
  I'm thinking that the example G, n, a, b, and Q are for larger key sizes. Does anyone know how I can generate these values for a 160b ECC key, or a good bouncycastle/j2me ECC tutorial/sample code?
  Thanks in advance.
  caid

  No Sun provider implements the EC algorithms at this time.
  Here's an easy solution that works (Using NSS):
  http://blogs.sun.com/andreas/entry/elliptic_curve_cryptography_in_java
  NSS has been recently FIPS re-approved.
  BouncyCastle is another option if FIPS doesn't matter to you at all and you want pure java.
  Edited by: dstutz on Mar 10, 2008 7:49 AM

• How to use elliptic curve encryption?

  Hi, are there any examples?
  I tried to get a key generator using KeyPairGenerator.getInstance("EC") but failed.
  And I also cannot get a cipher using Cipher.getInstance("EC").
  Thanks.

  No Sun provider implements the EC algorithms at this time.
  Here's an easy solution that works (Using NSS):
  http://blogs.sun.com/andreas/entry/elliptic_curve_cryptography_in_java
  NSS has been recently FIPS re-approved.
  BouncyCastle is another option if FIPS doesn't matter to you at all and you want pure java.
  Edited by: dstutz on Mar 10, 2008 7:49 AM

• Sun Java System Web Server 7.0 available

  I am delighted to announce that Sun Java System Web Server 7.0 is now available for download, purchase, deployment, and more.
  This release builds on the highly scalable and stable heritage of Web Server. It features an entirely re-designed Administration interface designed around clusters, easy access to frequently performed tasks, simplification of frequently performed tasks., and a fully scriptable command line interface featuring functional parity with the browser-based interface.
  In addition to the administration changes this release features:
  o Full 64-bit support for Solaris SPARC and Solaris AMD64 platforms
  o Regular expression pattern matching for URL re-writing and mass hosting
  o If/Then/Else constructs within request processing
  o Advanced sed based input and output filters
  o Dynamic loading of Certificate Revocation Lists (CRLs) without requiring daemon restart
  o Elliptic Curve Cryptography (ECC)
  o Built in request mapping for protection against abnormal load patterns and Denial of Service protection
  o WebDAV ACL support
  o Out-of-box Java support for Servlets 2.4, JSP 2.0, JSF 1.1, JSTL 1.1, JWSDP 2.0 based web services
  o Java session failover and recovery within a cluster of peers
  o Integrated HTTP reverse proxy User-Agent
  o Bundled FastCGI client for use with third party scripting environments such as Perl, PHP, Ruby on Rails, etc
  o Enhancement of perfdump, stats-xml, and SNMP as well as more ability to monitor the Java container and the ACL system
  o Much more
  The software can be downloaded from:
  http://www.sun.com/download/products.xml?id=45ad781d
  The documentation is available at:
  http://docs.sun.com/app/docs/coll/1308.3

  If 7.0 was released, how come http://www.sun.com/webserver still only talks about 6.1?

• Cisco ACS 4.2 and Windows 2008 R2 CA

  Has anyone been successfully in getting a cert off of a 2008 R2 CA and imported correct in to ACS 4.2?  I've had and have seen other have the problem with creating a web server certificate from R2 (1024 bit) and putting it in ACS 4.2 only to have HTTPS/SSL no longer work correctly.  I haven't even tested the intended purpose of the cert (EAP-TLS) yet, so who knows if that works.  I've also seen through searching where some one was able to take a 2003 CA web server template and put it into R2 and it work, but I know longer have 2003 available?  Any ideas?
  Thanks,
  Raun

  I have seen issues where the template on the R2 boxes are using elliptical curve cryptography, basically if the template has a '#" charcter in it is what I think causes this process to be used. Try to use a template that doesnt have this in the front and then try to generate a cert against the template you created.
  Here is a snip of the guide that I am forwarding you:
  Determining Whether to Implement Cryptography Next Generation Algorithms
  For Windows Server 2008–based version 3 certificate  templates, the option exists to configure advanced cryptographic  algorithms such as elliptic curve cryptography (ECC). Before configuring  these settings, ensure that the operating systems and applications  deployed in your environment can support these cryptographic algorithms.
  http://technet.microsoft.com/en-us/library/cc731705%28v=ws.10%29.aspx
  Screenshots in another article:
  http://technet.microsoft.com/en-us/library/cc725621%28v=ws.10%29.aspx
  Thanks,
  Tarik Admani

• I am having problems donloading and editing .asx files

  I am trying to edit some video that can only be downloaded in .asx format. It is drm-ed. I may just have to contact the poeple I am partenring with that I need the original video files but I will need to do this with many of the cliebts that I am partnering with. Not only will it become a nuisance and make my business move as though stuck in the mud...it makes it hard for me to trumpet the relative merits of Apple anything electronic in the world if I have to get parralel or something so that I can run (gasp) Windows.
  Please help!
  If there is another section I should post this in let me know. i figured Fimal Cut would be where the most knowledgeable amble about.

  FCE is video editing application. ASX are not video files, they're metadata information. By the sound of it you haven't downloaded the video files at all. ASF is a Windows format used for streaming, not for download.
  The ASX Format
  ASX (Advanced Stream Redirector) files are not media files, but metafiles.
  Metafiles provides information about files. ASX files are plain text files used to describe multimedia content:
  <ASX VERSION="3.0">
  <Title>Holiday 2001</Title>
  <Entry>
  <ref href="holiday-1.avi"/>
  </Entry>
  <Entry>
  <ref href="holiday-2.avi"/>
  </Entry>
  <Entry>
  <ref href="holiday-2.avi"/>
  </Entry>
  </ASX>
  The file above describes three multimedia files. When the ASX file is read by a player, the player can play the files described.
  Advanced Systems Format (formerly Advanced Streaming Format) is Microsoft's proprietary digital audio/digital video container format, especially meant for streaming media. ASF is part of the Windows Media framework.
  The format does not specify how (i.e. with which codec) the video or audio should be encoded; it just specifies the structure of the video/audio stream. This is similar to the function performed by the QuickTime, AVI, or Ogg container formats. One of the objectives of ASF was to support playback from digital media servers, HTTP servers, and local storage devices such as hard disk drives.
  ASF is based on serialized objects which are essentially byte sequences identified by a GUID marker.
  The most common filetypes contained within an ASF file are Windows Media Audio (WMA) and Windows Media Video (WMV). Note that the file extension abbreviations are similar in name to the codecs of the same name but are different things.
  ASF files can also contain objects representing metadata, such as the artist, title, album and genre for an audio track, or the director of a video track, much like the ID3 tags of MP3 files.
  Files containing only WMA audio can be named using a .wma extension, and files of only audio and video content may have the extension .wmv. Both may use the .asf extension if desired.
  Certain error-correcting techniques related to ASF are patented in the United States (United States Patent 6,041,345 Levi, et al. March 21, 2000) by Microsoft. Although the format is publicly documented by Microsoft, its license limits implementations to closed-source development projects only. Apple's iTunes software (for Windows) now has the capability to convert WMA files to any iTunes-supported format.[1]
  The ASF container provides the framework for digital rights management in Windows Media Audio and Windows Media Video. An analysis of an older scheme used in WMA reveals that it is using a combination of elliptic curve cryptography key exchange, DES block cipher, a custom block cipher, RC4 stream cipher and the SHA-1 hashing function.
  ASF files have MIME type application/vnd.ms-asf or video/x-ms-asf. (Advanced Stream Redirector (ASX) files also have MIME type video/x-ms-asf.)
  ASF container-based media is usually streamed on the internet either through the MMS protocol or the RTSP protocol.

• Case Insenstive URI

  I m having sun one 6.1 sp 2:
  I want to make some uri's case insenstive so for ex :
  http://mycompany.com/abc and http://mycompany.com/ABC or http://mycompany.com/AbC all should be treated same.
  I got some pointers that it can be done using filters and i will start on them but if any body is using it already can they share some code ?

  Please move to the latest version Web Server 7.0 update 4.
  Sun Java System Web Server 7.0 Release Notes What's New in This Release [http://docs.sun.com/app/docs/doc/819-2614/gduuv?a=view|http://docs.sun.com/app/docs/doc/819-2614/gduuv?a=view]
  * JMX Based Management Infrastructure
  * Redesigned Administration Server Interface
  * Command-Line Interface Support
  * Sun N1 Service Provisioning System Support
  * Consolidated Configuration Files
  * Java Servlet 2.4 and Java Server Pages (JSP) 2.0 Support
  * JavaServer Pages Standard Tag Library 1.1 and Java Server Faces 1.1 Support
  * JNDI Support
  * Java Database Connectivity and Connection Pooling Support
  * Java SE 5.0 and 6.0 Support
  * Integrated Java Web Services Developer Pack 2.0 Technologies
  * Lightweight Session Replication Support
  * URL Redirection and Rewriting with Regular Expressions
  * Extensive Real-Time Monitoring Support
  * Integrated Reverse Proxy
  * FastCGI Plug-in
  * Enhanced Security
  * Elliptic Curve Cryptography Support
  * NetBeans 5.0 and 5.5 Support
  * Sun Java Studio Enterprise Support
  * Localization Support

• MAC application:#PKCS#11 support ECC

  We have our PKCS#11 library developed which supports ECC(elliptic curve cryptography)(ECDSA/ECDH).
  Is there any application in MAC which can use our PKCS#11 library with ECC support to perform cryptographic operations.
  Regards
  Manish K Chauhan

  Thanks.
  for the sake of the record I fixed this by specifying a METHOD_DATA and DIRECTORY in sqlnet.ora like in
  ENCRYPTION_WALLET_LOCATION=
  (SOURCE=(METHOD=HSM)(METHOD_DATA=
  (DIRECTORY=/app/oracle/admin/SID1/wallet)))
  where the directory exists, as opposed to just
  ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=HSM))
  as it says in the doco...
  I have a new issue, which I'll start a new thread for.

• J2se 1.5 download

  i need j2se1.5 software.but browsing thru sun's list of downloads i found tht the jdk5.0 is not available for download.only the updates are available.however i need the 5.0 version immediately.let me know from where i can download the software.
  i need the software to be able to use the functions required for elliptic curve cryptography algorithm as i heard they are available in this version. are the required functions present in the jdk6.0 version also?

  i need j2se1.5 software.but browsing thru sun's list
  of downloads i found tht the jdk5.0 is not available
  for download.only the updates are available.however i
  need the 5.0 version immediately.let me know from
  where i can download the software.
  i need the software to be able to use the functions
  required for elliptic curve cryptography algorithm as
  i heard they are available in this version. are the
  required functions present in the jdk6.0 version also?Yes, classes or methods are not removed.
  Btw. E.g. JDK 1.5 update X is a full release, it's not a patch.
  Kaj

• AAA and Certificate Based VPN

  We have a pair of 5520 firewalls with a traditional setup of AAA vpn authenication on the backend. We are looking to do some proof of concepts with a certificate based VPN and the Anyconnect client on startup.
  To set this up, I have my existing VPN profile that has AAA authenciation and created a new VPN profile for cerificate based authenication. I also have the ASA setup so the user is allowed to choose which profile they want to connect to.
  However, once I create my cerificate based VPN profile any client that doesn't have a certificate fails to connect because they don't have a valid cerficate without having the option to choose the AAA only profile. If a machine does have a certificate, they then get the option to choose AAA or Cerficate based profile.
  Is there any way to setup the ASA to accept clients without a cerificate to use the AAA authenication while still having the cerficate based profile enabled for doing a proof of concept?
  Thanks

  Hi CrankyMonkey, 
  9.4 image includes new features for SSLTLS that might be impacting your certificate authentication. 
  "Elliptic curve cryptography for SSL/TLS—When an elliptic curve-capable SSL VPN client connects to the ASA, the elliptic curve cipher suite will be negotiated, and the ASA will present the SSL VPN client with an elliptic curve certificate, even when the corresponding interface has been configured with an RSA-based trustpoint. To avoid having the ASA present a self-signed SSL certificate, the administrator needs to remove the corresponding cipher suites using the ssl cipher command. For example, for an interface configured with an RSA trustpoint, the administrator can execute the following command so that only RSA based ciphers are negotiated"
  As workaround you can try to use the following cipher configuration and check if works.
  ssl cipher tlsv1.2 custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA" 
  Reference link
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html
  Rate if helps.
  -Randy