本文主要是介绍openssl3.2 - exp - 选择最好的内建椭圆曲线,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
文章目录
- openssl3.2 - exp - 选择最好的内建椭圆曲线
- 概述
- 笔记
- 将 openssl ecparam -list_curves 实现迁移到自己的demo工程
- 备注
- END
openssl3.2 - exp - 选择最好的内建椭圆曲线
概述
在openssl中使用椭圆曲线, 只允许选择椭圆曲线的名字, 无法给定椭圆曲线的位数.
估计每种椭圆曲线都有固定的位数(bit prime field)
openssl.exe有命令可以列出全部的椭圆曲线列表
openssl ecparam -list_curves
D:\my_tmp>openssl ecparam -list_curvessecp112r1 : SECG/WTLS curve over a 112 bit prime fieldsecp112r2 : SECG curve over a 112 bit prime fieldsecp128r1 : SECG curve over a 128 bit prime fieldsecp128r2 : SECG curve over a 128 bit prime fieldsecp160k1 : SECG curve over a 160 bit prime fieldsecp160r1 : SECG curve over a 160 bit prime fieldsecp160r2 : SECG/WTLS curve over a 160 bit prime fieldsecp192k1 : SECG curve over a 192 bit prime fieldsecp224k1 : SECG curve over a 224 bit prime fieldsecp224r1 : NIST/SECG curve over a 224 bit prime fieldsecp256k1 : SECG curve over a 256 bit prime fieldsecp384r1 : NIST/SECG curve over a 384 bit prime fieldsecp521r1 : NIST/SECG curve over a 521 bit prime fieldprime192v1: NIST/X9.62/SECG curve over a 192 bit prime fieldprime192v2: X9.62 curve over a 192 bit prime fieldprime192v3: X9.62 curve over a 192 bit prime fieldprime239v1: X9.62 curve over a 239 bit prime fieldprime239v2: X9.62 curve over a 239 bit prime fieldprime239v3: X9.62 curve over a 239 bit prime fieldprime256v1: X9.62/SECG curve over a 256 bit prime fieldsect113r1 : SECG curve over a 113 bit binary fieldsect113r2 : SECG curve over a 113 bit binary fieldsect131r1 : SECG/WTLS curve over a 131 bit binary fieldsect131r2 : SECG curve over a 131 bit binary fieldsect163k1 : NIST/SECG/WTLS curve over a 163 bit binary fieldsect163r1 : SECG curve over a 163 bit binary fieldsect163r2 : NIST/SECG curve over a 163 bit binary fieldsect193r1 : SECG curve over a 193 bit binary fieldsect193r2 : SECG curve over a 193 bit binary fieldsect233k1 : NIST/SECG/WTLS curve over a 233 bit binary fieldsect233r1 : NIST/SECG/WTLS curve over a 233 bit binary fieldsect239k1 : SECG curve over a 239 bit binary fieldsect283k1 : NIST/SECG curve over a 283 bit binary fieldsect283r1 : NIST/SECG curve over a 283 bit binary fieldsect409k1 : NIST/SECG curve over a 409 bit binary fieldsect409r1 : NIST/SECG curve over a 409 bit binary fieldsect571k1 : NIST/SECG curve over a 571 bit binary fieldsect571r1 : NIST/SECG curve over a 571 bit binary fieldc2pnb163v1: X9.62 curve over a 163 bit binary fieldc2pnb163v2: X9.62 curve over a 163 bit binary fieldc2pnb163v3: X9.62 curve over a 163 bit binary fieldc2pnb176v1: X9.62 curve over a 176 bit binary fieldc2tnb191v1: X9.62 curve over a 191 bit binary fieldc2tnb191v2: X9.62 curve over a 191 bit binary fieldc2tnb191v3: X9.62 curve over a 191 bit binary fieldc2pnb208w1: X9.62 curve over a 208 bit binary fieldc2tnb239v1: X9.62 curve over a 239 bit binary fieldc2tnb239v2: X9.62 curve over a 239 bit binary fieldc2tnb239v3: X9.62 curve over a 239 bit binary fieldc2pnb272w1: X9.62 curve over a 272 bit binary fieldc2pnb304w1: X9.62 curve over a 304 bit binary fieldc2tnb359v1: X9.62 curve over a 359 bit binary fieldc2pnb368w1: X9.62 curve over a 368 bit binary fieldc2tnb431r1: X9.62 curve over a 431 bit binary fieldwap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary fieldwap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary fieldwap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary fieldwap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary fieldwap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime fieldwap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime fieldwap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime fieldwap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime fieldwap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary fieldwap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary fieldwap-wsg-idm-ecid-wtls12: WTLS curve over a 224 bit prime fieldOakley-EC2N-3:IPSec/IKE/Oakley curve #3 over a 155 bit binary field.Not suitable for ECDSA.Questionable extension field!Oakley-EC2N-4:IPSec/IKE/Oakley curve #4 over a 185 bit binary field.Not suitable for ECDSA.Questionable extension field!brainpoolP160r1: RFC 5639 curve over a 160 bit prime fieldbrainpoolP160t1: RFC 5639 curve over a 160 bit prime fieldbrainpoolP192r1: RFC 5639 curve over a 192 bit prime fieldbrainpoolP192t1: RFC 5639 curve over a 192 bit prime fieldbrainpoolP224r1: RFC 5639 curve over a 224 bit prime fieldbrainpoolP224t1: RFC 5639 curve over a 224 bit prime fieldbrainpoolP256r1: RFC 5639 curve over a 256 bit prime fieldbrainpoolP256t1: RFC 5639 curve over a 256 bit prime fieldbrainpoolP320r1: RFC 5639 curve over a 320 bit prime fieldbrainpoolP320t1: RFC 5639 curve over a 320 bit prime fieldbrainpoolP384r1: RFC 5639 curve over a 384 bit prime fieldbrainpoolP384t1: RFC 5639 curve over a 384 bit prime fieldbrainpoolP512r1: RFC 5639 curve over a 512 bit prime fieldbrainpoolP512t1: RFC 5639 curve over a 512 bit prime fieldSM2 : SM2 curve over a 256 bit prime field比较每种椭圆曲线的质数域位数, 挑出最大的那个.
sect571k1 : NIST/SECG curve over a 571 bit binary field
sect571r1 : NIST/SECG curve over a 571 bit binary field
可知, 质数域位数最大的椭圆曲线有2个 : sect571k1 或者 sect571r1, 位数都是571位.
笔记
将 openssl ecparam -list_curves 实现迁移到自己的demo工程
想看看官方怎么实现的这个命令.
/*!
* \file exp017_ecparam_list_curves.cpp
* \note 看看openssl如何实现命令 openssl ecparam -list_curves
*/#include "my_openSSL_lib.h"
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/ec.h>
#include <openssl/objects.h>#include <stdlib.h>
#include <stdio.h>
#include <assert.h>#include "CMemHookRec.h"void my_openssl_app();
int list_builtin_curves(BIO* out);int main(int argc, char** argv)
{setvbuf(stdout, NULL, _IONBF, 0); // 清掉stdout缓存, 防止调用printf时阻塞mem_hook();my_openssl_app();mem_unhook();/*! run resultlist_builtin_curves, cnt = 82--------------------secp112r1 : -20SECG/WTLS curve over a 112 bit prime fieldsecp112r2 : -20SECG curve over a 112 bit prime fieldsecp128r1 : -20SECG curve over a 128 bit prime fieldsecp128r2 : -20SECG curve over a 128 bit prime fieldsecp160k1 : -20SECG curve over a 160 bit prime fieldsecp160r1 : -20SECG curve over a 160 bit prime fieldsecp160r2 : -20SECG/WTLS curve over a 160 bit prime fieldsecp192k1 : -20SECG curve over a 192 bit prime fieldsecp224k1 : -20SECG curve over a 224 bit prime fieldsecp224r1 : -20NIST/SECG curve over a 224 bit prime fieldsecp256k1 : -20SECG curve over a 256 bit prime fieldsecp384r1 : -20NIST/SECG curve over a 384 bit prime fieldsecp521r1 : -20NIST/SECG curve over a 521 bit prime fieldprime192v1 : -20NIST/X9.62/SECG curve over a 192 bit prime fieldprime192v2 : -20X9.62 curve over a 192 bit prime fieldprime192v3 : -20X9.62 curve over a 192 bit prime fieldprime239v1 : -20X9.62 curve over a 239 bit prime fieldprime239v2 : -20X9.62 curve over a 239 bit prime fieldprime239v3 : -20X9.62 curve over a 239 bit prime fieldprime256v1 : -20X9.62/SECG curve over a 256 bit prime fieldsect113r1 : -20SECG curve over a 113 bit binary fieldsect113r2 : -20SECG curve over a 113 bit binary fieldsect131r1 : -20SECG/WTLS curve over a 131 bit binary fieldsect131r2 : -20SECG curve over a 131 bit binary fieldsect163k1 : -20NIST/SECG/WTLS curve over a 163 bit binary fieldsect163r1 : -20SECG curve over a 163 bit binary fieldsect163r2 : -20NIST/SECG curve over a 163 bit binary fieldsect193r1 : -20SECG curve over a 193 bit binary fieldsect193r2 : -20SECG curve over a 193 bit binary fieldsect233k1 : -20NIST/SECG/WTLS curve over a 233 bit binary fieldsect233r1 : -20NIST/SECG/WTLS curve over a 233 bit binary fieldsect239k1 : -20SECG curve over a 239 bit binary fieldsect283k1 : -20NIST/SECG curve over a 283 bit binary fieldsect283r1 : -20NIST/SECG curve over a 283 bit binary fieldsect409k1 : -20NIST/SECG curve over a 409 bit binary fieldsect409r1 : -20NIST/SECG curve over a 409 bit binary fieldsect571k1 : -20NIST/SECG curve over a 571 bit binary field // !!! best one sect571r1 : -20NIST/SECG curve over a 571 bit binary field // !!! best onec2pnb163v1 : -20X9.62 curve over a 163 bit binary fieldc2pnb163v2 : -20X9.62 curve over a 163 bit binary fieldc2pnb163v3 : -20X9.62 curve over a 163 bit binary fieldc2pnb176v1 : -20X9.62 curve over a 176 bit binary fieldc2tnb191v1 : -20X9.62 curve over a 191 bit binary fieldc2tnb191v2 : -20X9.62 curve over a 191 bit binary fieldc2tnb191v3 : -20X9.62 curve over a 191 bit binary fieldc2pnb208w1 : -20X9.62 curve over a 208 bit binary fieldc2tnb239v1 : -20X9.62 curve over a 239 bit binary fieldc2tnb239v2 : -20X9.62 curve over a 239 bit binary fieldc2tnb239v3 : -20X9.62 curve over a 239 bit binary fieldc2pnb272w1 : -20X9.62 curve over a 272 bit binary fieldc2pnb304w1 : -20X9.62 curve over a 304 bit binary fieldc2tnb359v1 : -20X9.62 curve over a 359 bit binary fieldc2pnb368w1 : -20X9.62 curve over a 368 bit binary fieldc2tnb431r1 : -20X9.62 curve over a 431 bit binary fieldwap-wsg-idm-ecid-wtls1: -20WTLS curve over a 113 bit binary fieldwap-wsg-idm-ecid-wtls3: -20NIST/SECG/WTLS curve over a 163 bit binary fieldwap-wsg-idm-ecid-wtls4: -20SECG curve over a 113 bit binary fieldwap-wsg-idm-ecid-wtls5: -20X9.62 curve over a 163 bit binary fieldwap-wsg-idm-ecid-wtls6: -20SECG/WTLS curve over a 112 bit prime fieldwap-wsg-idm-ecid-wtls7: -20SECG/WTLS curve over a 160 bit prime fieldwap-wsg-idm-ecid-wtls8: -20WTLS curve over a 112 bit prime fieldwap-wsg-idm-ecid-wtls9: -20WTLS curve over a 160 bit prime fieldwap-wsg-idm-ecid-wtls10: -20NIST/SECG/WTLS curve over a 233 bit binary fieldwap-wsg-idm-ecid-wtls11: -20NIST/SECG/WTLS curve over a 233 bit binary fieldwap-wsg-idm-ecid-wtls12: -20WTLS curve over a 224 bit prime fieldOakley-EC2N-3 : -20IPSec/IKE/Oakley curve #3 over a 155 bit binary field.Not suitable for ECDSA.Questionable extension field!Oakley-EC2N-4 : -20IPSec/IKE/Oakley curve #4 over a 185 bit binary field.Not suitable for ECDSA.Questionable extension field!brainpoolP160r1 : -20RFC 5639 curve over a 160 bit prime fieldbrainpoolP160t1 : -20RFC 5639 curve over a 160 bit prime fieldbrainpoolP192r1 : -20RFC 5639 curve over a 192 bit prime fieldbrainpoolP192t1 : -20RFC 5639 curve over a 192 bit prime fieldbrainpoolP224r1 : -20RFC 5639 curve over a 224 bit prime fieldbrainpoolP224t1 : -20RFC 5639 curve over a 224 bit prime fieldbrainpoolP256r1 : -20RFC 5639 curve over a 256 bit prime fieldbrainpoolP256t1 : -20RFC 5639 curve over a 256 bit prime fieldbrainpoolP320r1 : -20RFC 5639 curve over a 320 bit prime fieldbrainpoolP320t1 : -20RFC 5639 curve over a 320 bit prime fieldbrainpoolP384r1 : -20RFC 5639 curve over a 384 bit prime fieldbrainpoolP384t1 : -20RFC 5639 curve over a 384 bit prime fieldbrainpoolP512r1 : -20RFC 5639 curve over a 512 bit prime fieldbrainpoolP512t1 : -20RFC 5639 curve over a 512 bit prime fieldSM2 : -20SM2 curve over a 256 bit prime field--------------------free map, g_mem_hook_map.size() = 0*/return 0;
}void my_openssl_app()
{BIO* bio_out = NULL;do {bio_out = BIO_new_fp(stdout, 0);if (NULL == bio_out){break;}list_builtin_curves(bio_out);} while (false);if (NULL != bio_out){BIO_free(bio_out);bio_out = NULL;}
}int list_builtin_curves(BIO* out)
{int ret = 0;EC_builtin_curve* curves = NULL;size_t n, crv_len = EC_get_builtin_curves(NULL, 0);BIO_printf(out, "list_builtin_curves, cnt = %d\n", crv_len);curves = (EC_builtin_curve*)OPENSSL_malloc(sizeof(*curves) * crv_len);if (!EC_get_builtin_curves(curves, crv_len)){BIO_printf(out, "err\n");goto end;}BIO_printf(out, "--------------------\n");for (n = 0; n < crv_len; n++) {const char* comment = curves[n].comment;const char* sname = OBJ_nid2sn(curves[n].nid);if (comment == NULL)comment = "CURVE DESCRIPTION NOT AVAILABLE";if (sname == NULL)sname = "";BIO_printf(out, " %-20s: -20%s\n", sname, comment);}BIO_printf(out, "--------------------\n");ret = 1;
end:OPENSSL_free(curves);return ret;
}备注
从查到的资料看, ECC521就比普通的RSA位数强多了.
现在主流网站用的RSA证书位数都是4096(e.g. MS主站)
sect571k1, sect571r1的位数是571位, 强度应该更高吧.
END
这篇关于openssl3.2 - exp - 选择最好的内建椭圆曲线的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
![C#实战|大乐透选号器[6]:实现实时显示已选择的红蓝球数量](https://i-blog.csdnimg.cn/direct/cda2638386c64e8d80479ab11fcb14a9.png)
