XudaCryptoECCCurvesP “P” elliptic curves with curve OID.
XudaCryptoECCCurvesPWithParams BSAFE “P” elliptic curves with explicit curve parameters.
When creating a new certificate authority (CA) within the RSA Certificate Manager Administration Console, these appear as Signing AlgorithmsECCA, ECCB, ECCP and ECCPwithParams, respectively:
What is the difference between the "P" curves with (ECCPWithParams) and without Params (ECCP)?
The P and PwithParams options are for the same curves P-256, P-384 and P-521. The only difference is the way the curve is represented in the certificate itself. For the “P”(ECCP) options, the curve is identified by ASN.1 OID (implicitly listed in the certificate by specifying the standardized name of the curve). For the “PwithParams” (ECCPWithParams) options, the specific parameters of the curve are listed (the curve is explicitly defined in the certificate).
ECDSA and ECDH require use of certain parameters with the public key. The parameters may be inherited from the issuer, implicitly included through reference to a "named curve," or explicitly included in the certificate.
When the parameters are inherited, the parameters field SHALL contain implictlyCA, which is the ASN.1 value NULL. When parameters are specified by reference, the parameters field SHALL contain the named-Curve choice, which is an object identifier. When the parameters are explicitly included, they SHALL be encoded in the ASN.1 structure ECParameters
An extract of two example certificates of each type are below. The full certificates are attached for your reference.
ASN.1 output for an example certificate with ECCP algorithm issued from RCM:
Reference: Bassham, L., Polk, W., and R. Housley, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 3279, DOI 10.17487/RFC3279, April 2002, <http://www.rfc-editor.org/info/rfc3279>.