I've been using RSA key-pairs in my application so far. But after some
research, I'm considering switching to an elliptic-curve-based
algorithm, because it uses much smaller keys for comparable security
levels. This would make my certs and signed/encrypted data smaller*,
and allow more headroom for moving to longer keys later for higher
security. (The NSA is apparently doing the same, according to a paper
on their website.)
My questions:
• To convert my CDSA/Keychain based code, do I just need to change the
algorithm IDs (replacing RSA with FEE) and key sizes? Or are there
other issues to consider?
• My app uses a 3rd party networking library that uses OpenSSL to
implement SSL/TLS connections. Does OpenSSL (the version in 10.5)
support the same ECC algorithm(s) as CDSA? I.e. can I use the same key-pairs
with both?
Thanks,
—Jens
* Yes, shaving key lengths from 2048 down to 192 bits actually is a
significant win in a few places in my app. I am stuffing keys and
signed blobs into IP packets, which should be under 1500 bytes to
avoid fragmentation. I'm also considering putting keys into barcodes
(like QR codes).
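The size argument in the footnote is easy to measure rather than estimate. The script below is an added example, not code from the thread or from Apple's CDSA: it uses the OpenSSL command-line tool to generate an RSA-2048 key and an EC key, prints the DER-encoded SubjectPublicKeyInfo size and the SHA-256 signature size for each, and checks whether key plus signature plus a given payload stays under the 1500-byte figure the post mentions. The curve used is NIST P-256, an assumption chosen because it is a standard named curve the OpenSSL CLI supports; it is not the 192-bit FEE curve the post refers to, and the sample payload is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare on-the-wire sizes of RSA vs EC
# public keys and signatures with the OpenSSL CLI, and check an MTU budget.
set -eu

WORK=$(mktemp -d)
MSG="$WORK/msg.bin"
# Constructed sample message to sign; content is irrelevant to the sizes.
printf 'constructed sample payload for signing' > "$MSG"

# Generate a private key; $1 = output PEM path, $2 = modulus bits.
gen_rsa() { openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:"$2" -out "$1" 2>/dev/null; }
# $1 = output PEM path, $2 = named curve (P-256 is an assumption for this example).
gen_ec()  { openssl genpkey -algorithm EC  -pkeyopt ec_paramgen_curve:"$2" -out "$1" 2>/dev/null; }

# Size in bytes of the DER-encoded SubjectPublicKeyInfo (what goes in a cert
# or a barcode) for the private key at $1.
pubkey_der_size() { openssl pkey -in "$1" -pubout -outform DER | wc -c | tr -d ' '; }

# Size in bytes of a SHA-256 signature over $MSG made with the key at $1.
# RSA yields exactly the modulus size (256 bytes for 2048-bit); ECDSA yields
# a DER SEQUENCE of two integers, so P-256 gives 70-72 bytes, not a fixed value.
sig_size() { openssl dgst -sha256 -sign "$1" "$MSG" | wc -c | tr -d ' '; }

# Succeed (exit 0) if key + signature + payload fits in one 1500-byte packet.
# $1 = key bytes, $2 = signature bytes, $3 = payload bytes.
fits_in_mtu() {
  total=$(( $1 + $2 + $3 ))
  [ "$total" -le 1500 ]
}

# Print a one-line report for the key at $1 labelled $2, with payload size $3.
report() {
  k=$(pubkey_der_size "$1"); s=$(sig_size "$1")
  if fits_in_mtu "$k" "$s" "$3"; then verdict="fits"; else verdict="exceeds"; fi
  printf '%-8s pubkey DER=%4s bytes  sig=%4s bytes  +%s payload -> %s 1500\n' \
    "$2" "$k" "$s" "$3" "$verdict"
}

# Stand-alone demonstration: same 1000-byte payload, two key types.
demo() {
  gen_rsa "$WORK/rsa.pem" 2048
  gen_ec  "$WORK/ec.pem"  P-256
  report "$WORK/rsa.pem" RSA-2048 1000
  report "$WORK/ec.pem"  P-256    1000
}

demo
```

RSA-2048 comes out at 294 bytes of SPKI plus a 256-byte signature, so with a 1000-byte payload it overshoots the 1500-byte budget, while P-256 needs 91 bytes plus roughly 70 bytes and fits comfortably; note that the ECDSA signature length varies by a byte or two between runs, which matters if a packet layout assumes a fixed offset after it.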
Apple-cdsa mailing list (email@hidden)