The P and PwithParams options are for the same curves P-256, P-384 and P-521. The only difference is the way the curve is represented in the certificate itself. For the “P”(ECCP) options, the curve is identified by ASN.1 OID (implicitly listed in the certificate by specifying the standardized name of the curve). For the “PwithParams” (ECCPWithParams) options, the specific parameters of the curve are listed (the curve is explicitly defined in the certificate). This is explained in the section 2.3.5 ECDSA and ECDH Keys of RFC 3279 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, as follows.
ECDSA and ECDH require use of certain parameters with the public key. The parameters may be inherited from the issuer, implicitly included through reference to a "named curve," or explicitly included in the certificate. EcpkParameters ::= CHOICE { ecParameters ECParameters, namedCurve OBJECT IDENTIFIER, implicitlyCA NULL } When the parameters are inherited, the parameters field SHALL contain implictlyCA, which is the ASN.1 value NULL. When parameters are specified by reference, the parameters field SHALL contain the named-Curve choice, which is an object identifier. When the parameters are explicitly included, they SHALL be encoded in the ASN.1 structure ECParameters
An extract of two example certificates of each type are below. The full certificates are attached for your reference.
ASN.1 output for an example certificate with ECCP algorithm issued from RCM:
0 438: SEQUENCE { 4 277: SEQUENCE { 8 17: INTEGER 00 F9 44 6F 9A 36 9D 30 D8 EA 6E 34 43 EF 11 6D 5F 27 12: SEQUENCE { 29 8: OBJECT IDENTIFIER ecdsaWithSHA512 (1 2 840 10045 4 3 4) 39 0: NULL : } 41 25: SEQUENCE { 43 23: SET { 45 21: SEQUENCE { 47 3: OBJECT IDENTIFIER commonName (2 5 4 3) 52 14: PrintableString 'TestCAWithECCP' : } : } : } 68 30: SEQUENCE { 70 13: UTCTime 06/11/2015 09:10:27 GMT 85 13: UTCTime 06/11/2018 09:10:28 GMT : } 100 25: SEQUENCE { 102 23: SET { 104 21: SEQUENCE { 106 3: OBJECT IDENTIFIER commonName (2 5 4 3) 111 14: PrintableString 'TestCAWithECCP' : } : } : } 127 155: SEQUENCE { 130 16: SEQUENCE { 132 7: OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1) 141 5: OBJECT IDENTIFIER secp521r1 (1 3 132 0 35) : } 148 134: BIT STRING : 04 01 37 22 FD 16 C6 4B EA 4D BD 22 01 DB D7 D4 : F3 44 09 F5 37 E1 B1 05 8D 5D 13 93 A1 8B BF 16 : 24 31 9E 9A E8 70 61 17 4C 61 8B 73 11 46 35 30 : A9 58 F0 95 F3 35 88 0B 2D BB 0D 49 E2 35 C9 24 : FC 2E 23 01 0B 15 97 74 0E F1 72 87 35 5D E9 24 : F6 A1 D4 B4 0B 0C 2F AD 78 4A 4E 3F FC A4 5B 1E : ED 22 56 E9 4B E2 3D 39 6C 3E 25 1B 32 17 FB B5 : 05 84 AB CC C6 14 00 AA DF 2B 1F F7 39 2D B3 A3 : 8F 2C 5D 21 82 : } : } 285 12: SEQUENCE { 287 8: OBJECT IDENTIFIER ecdsaWithSHA512 (1 2 840 10045 4 3 4) 297 0: NULL : } 299 140: BIT STRING : 30 81 88 02 42 01 5F 63 74 29 64 52 6F D4 CE 31 : 3D D8 8C A8 E3 69 AA 8D 05 D6 4B 41 51 A7 7A D9 : 5F D1 3F 51 CA F7 17 5D 55 CF 32 60 49 F3 1E 5B : BF 6B DD F0 EA C4 96 03 89 20 BB 9D 72 E5 BB 26 : 27 8F 43 5C CE 19 60 02 42 01 96 0C F4 D9 B0 EC : 1B 3D 1B 2A B9 8B 5E 2C D1 59 C8 C7 55 6E C8 91 : 1C 0E 6B 23 F4 95 AC 97 69 04 13 C5 ED 96 71 DE : E5 DA EE 28 A2 C0 E9 C1 82 0F FD 79 09 BA 7C 9F : 08 76 68 B0 0E B0 E0 9B B2 7F 4B : } ASN.1 output for an example certificate with ECCPWithParams algorithm issued from RCM: 0 884: SEQUENCE { 4 724: SEQUENCE { 8 16: INTEGER 69 C4 30 DA D8 6C 22 35 8C F4 AE 12 26 C0 A3 8D 26 12: SEQUENCE { 28 8: OBJECT IDENTIFIER ecdsaWithSHA512 (1 2 840 10045 4 3 4) 38 0: NULL : } 40 35: SEQUENCE { 42 33: SET { 44 31: SEQUENCE { 46 3: OBJECT IDENTIFIER commonName (2 5 4 3) 51 24: PrintableString 'TestCAWithECCPWithParams' : } : } : } 77 30: SEQUENCE { 79 13: UTCTime 06/11/2015 09:03:48 GMT 94 13: UTCTime 06/11/2018 09:03:48 GMT : } 109 35: SEQUENCE { 111 33: SET { 113 31: SEQUENCE { 115 3: OBJECT IDENTIFIER commonName (2 5 4 3) 120 24: PrintableString 'TestCAWithECCPWithParams' : } : } : } 146 582: SEQUENCE { 150 441: SEQUENCE { 154 7: OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1) 163 428: SEQUENCE { 167 1: INTEGER 1 170 77: SEQUENCE { 172 7: OBJECT IDENTIFIER prime-field (1 2 840 10045 1 1) 181 66: INTEGER : 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FF : } 249 136: SEQUENCE { 252 66: OCTET STRING : 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FC 320 66: OCTET STRING : 00 51 95 3E B9 61 8E 1C 9A 1F 92 9A 21 A0 B6 85 : 40 EE A2 DA 72 5B 99 B3 15 F3 B8 B4 89 91 8E F1 : 09 E1 56 19 39 51 EC 7E 93 7B 16 52 C0 BD 3B B1 : BF 07 35 73 DF 88 3D 2C 34 F1 EF 45 1F D4 6B 50 : 3F 00 : } 388 133: OCTET STRING : 04 00 C6 85 8E 06 B7 04 04 E9 CD 9E 3E CB 66 23 : 95 B4 42 9C 64 81 39 05 3F B5 21 F8 28 AF 60 6B : 4D 3D BA A1 4B 5E 77 EF E7 59 28 FE 1D C1 27 A2 : FF A8 DE 33 48 B3 C1 85 6A 42 9B F9 7E 7E 31 C2 : E5 BD 66 01 18 39 29 6A 78 9A 3B C0 04 5C 8A 5F : B4 2C 7D 1B D9 98 F5 44 49 57 9B 44 68 17 AF BD : 17 27 3E 66 2C 97 EE 72 99 5E F4 26 40 C5 50 B9 : 01 3F AD 07 61 35 3C 70 86 A2 72 C2 40 88 BE 94 : 76 9F D1 66 50 524 66: INTEGER : 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF : FF FA 51 86 87 83 BF 2F 96 6B 7F CC 01 48 F7 09 : A5 D0 3B B5 C9 B8 89 9C 47 AE BB 6F B7 1E 91 38 : 64 09 592 1: INTEGER 1 : } : } 595 134: BIT STRING : 04 00 F7 80 32 9D 28 CA E4 E7 24 B7 98 32 37 37 : 0A 77 B4 8D A6 A0 63 05 77 98 83 9C 1F 39 91 D5 : 53 E0 83 B4 3D 2F 86 22 5C 21 AF D9 2B FD 27 8D : AD 68 F2 4F 42 EC BF B3 C5 87 16 BE 16 2D 1C F6 : E4 F3 D3 00 8F 78 79 D4 FF E7 AD C1 F6 B3 47 1A : F5 3B D3 50 D1 46 76 7C 56 89 D9 3B F3 C8 58 B3 : E3 6A DB D7 1F 4C 55 28 9E E4 BF 7A EE 8B E8 D3 : 9C 5A FE 08 23 20 91 52 AB 9F DE 16 87 67 AA 52 : 4E 73 2B 52 AF : } : } 732 12: SEQUENCE { 734 8: OBJECT IDENTIFIER ecdsaWithSHA512 (1 2 840 10045 4 3 4) 744 0: NULL : } 746 139: BIT STRING : 30 81 87 02 42 01 9F DB 8F 00 41 67 10 22 19 64 : DB 6F FE 55 46 37 3B B8 CE 54 79 DA 5F 81 41 18 : 14 23 FA 58 DD A2 BE 68 A4 7B 33 E2 73 19 36 B9 : C8 17 E2 0B FF 76 71 E0 F2 5D 83 8F 70 CA A6 0D : D9 1A 2B 78 38 B7 EB 02 41 59 FF 55 C8 00 4C 81 : 71 4C 49 1A AE 22 7F C7 17 4D 99 5E 85 22 85 9A : D8 6E D8 21 8E A4 D0 5B 64 91 71 2A 74 67 BA 8B : FA 99 F6 41 CB A2 AF B5 ED 0D D4 03 03 6A AA A3 : 4E 0F 47 9A 24 EE 72 2A 94 4A : } |