000022544 - How does ECC work on the client side

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022544
Applies ToRSA Certificate Manager 6.7
Microsoft Windows 2003 Server SP1
Elliptic curve cryptography (ECC)
IssueHow does ECC work on the client side
Created a CA on RSA Certificate Manager (RCM) using ECC. On the client side, used latest Firefox version on Linux.  When a user makes a certificate request, the only options are for two key sizes. There is nothing about ECC.
Resolution

The key sizes shown on the client browser has nothing to do with ECC CAs. The client browser is showing RSA key sizes. The keys are generated at client side (on the browser) and then the request is approved on the RCM admin server; there the certificate is issued by ECC CA. The client?s key size will be based on the key size selected at the time of request generation; it is not based on CA?s key size. The certificate?s signature algorithm will be ECDSA.

The ECC A and ECC B algorithms supported by RCM are not mentioned in the Suite B.

The following two are koblitz curves:
ECC A 163 - sect163k1
ECC A 239 - sect239k1

The following two are verifiably random curves:
ECC B 163 - sect163r1
ECC B 239 - sect239r1

Legacy Article IDa37332

Attachments

    Outcomes