Why would I want to use Elliptic Curve?
Some ciphers are considered stronger than others. For example, certificates with Elliptic Curve algorithms are now considered better than those using the well-known RSA. They are more secure and use fewer resources. Over time certificates with Elliptic Curves may become the norm.
If you change to use a different algorithm you need to make sure that both ends of the TLS connection support it. If a cipher spec beginning with TLS_ECDHE is the only cipher spec available, it may not work with certificates with RSA.
When you create a certificate you first create the private key, and then make the public certificate. You can sometimes combine this into one operation.
April 2021 – I have added some information on using strmqikm, runmqakm and runmqckm not working.
To make a private key using Elliptic Curve
Use
openssl genpkey -out $name.key.pem -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -aes256 -pass file:password.file
where
- $name – I create the certificate in a shell script. As the name of the certificate is used in many places – it is best to use a shell variable to hold the short certificate name.
- -algorithm EC says this is an Elliptic Curve
- P-256 is the Elliptic Curve definition to use. This is a popular curve; it has a key length of 256 bits. It is also known as prime256v1.
- -aes256 -pass file:password.file says encrypt the private key using the AES 256 cipher spec (there are others available) and use the password in the file. You need this password when working with the private key and public certificate, for example when creating the certificate request. If you do not specify -aes256 (or equivalent), the private key is not encrypted, and so could be used if stolen. This is not used during TLS handshakes.
Or (the old syntax )
openssl ecparam -name prime256v1 -genkey -noout -out $name.key.pem …
You then create the request and get the request signed (this is common to all requests)
name="eccert"
openssl req -config xxx.config -new -key $name.key.pem -out $name.csr -outform PEM -subj "/C=GB/O=cpwebuser/CN=$name" -passin file:password.file -passout file:password.file
openssl ca -config openssl-ca-user.cnf -policy signing_policy -md sha256 -cert ca2.pem -keyfile ca2.key.pem -out $name.pem -in $name.csr -extensions clientServer
The command openssl x509 -in eccert.pem -text -noout|less displays the certificate and gives
Subject Public Key Info:
    Public Key Algorithm: id-ecPublicKey
        Public-Key: (256 bit)
        pub:
            04:...
            ce:60:63:03:84
        ASN1 OID: prime256v1
        NIST CURVE: P-256
During the TLS handshake, this can be processed by CipherSpecs TLS_EC*, such as TLS_ECDH… and TLS_ECDHE…
If you use openssl ecparam -name secp521r1 this gives Public Key Algorithm: id-ecPublicKey Public-Key: (521 bit)
To make a private key using RSA
Use
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out $name.key.pem -aes256 -pass pass:password
Or (the old syntax)
openssl genrsa -aes256 -passout pass:password -out $name.key.pem 4096
where
- rsa_keygen_bits:4096 – is the size of the key to use.
- -aes256 -pass pass:password says encrypt the private key using the AES 256 cipher spec (there are others available); the password is password. The old genrsa syntax takes the password with -passout, and the key size must come last. You need the password when working with the private key and public certificate. This is not used during TLS handshakes.
You make the request and get it signed (the statements below are the same as for the EC certificate)
name="rsa"
ca="ca2"
openssl req -config xxx.config -new -key $name.key.pem -out $name.csr -outform PEM -subj "/C=GB/O=cpwebuser/CN=$name" -passin file:password.file -passout file:password.file
openssl ca -config openssl-ca-user.cnf -policy signing_policy -md sha256 -cert $ca.pem -keyfile $ca.key.pem -out $name.pem -in $name.csr -extensions clientServer
The command openssl x509 -in rsa.pem -text -noout|less displays the certificate and gives
Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
        RSA Public-Key: (4096 bit)
        Modulus:
            00:d0:88:d2:d0:86:34:82:bb:1a:7b:a0:6d:37:fd:
            ...
            1e:3d:31
        Exponent: 65537 (0x10001)
During the TLS handshake, this can be processed by CipherSpecs TLS_RSA*.
Changing the Signature Algorithm:
With a Java program, you can use java.security to limit which security algorithms are allowed during the handshake, and so prevent certificates that use other algorithms from being used.
As part of the TLS handshake there is a conversation about the algorithm used to sign the certificate. For example, listing an RSA certificate gives
Signature Algorithm: sha256WithRSAEncryption
You can change this by using
openssl ca … -md sha384
This gives
Signature Algorithm: sha384WithRSAEncryption
For an Elliptic Curve certificate this was
Signature Algorithm: ecdsa-with-SHA256 with the default -md (sha256), or
Signature Algorithm: ecdsa-with-SHA384 when -md sha384 is specified.
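The key, request and signing steps above, followed by the checks done by eye on the openssl x509 -text output, as an added example that is not part of the original post. It assumes a throwaway CA and uses openssl x509 -req with -sha384 in place of openssl ca -md sha384, because the post's xxx.config and openssl-ca-user.cnf are not shown; the function names, file names, subjects and password are constructed.

```shell
#!/bin/sh
# Added example. File names, subjects and the password are constructed sample
# values; a throwaway CA and "openssl x509 -req" stand in for "openssl ca".

# make_ec_cert <workdir> <name> <digest>: key -> CSR -> signed certificate
make_ec_cert() {
    dir=$1 name=$2 md=$3
    printf 'constructed-sample-password\n' > "$dir/password.file"
    # Minimal request config, so the run does not depend on a system openssl.cnf
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=placeholder\n' \
        > "$dir/req.cnf"
    # Throwaway CA: its key is left unencrypted to show the contrast below
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/ca.key.pem" 2>/dev/null &&
    openssl req -config "$dir/req.cnf" -new -x509 -days 1 \
        -key "$dir/ca.key.pem" -subj "/C=GB/O=cpwebuser/CN=testca" \
        -out "$dir/ca.pem" &&
    # Certificate key, encrypted at rest with -aes256 as on this page
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -aes256 -pass "file:$dir/password.file" \
        -out "$dir/$name.key.pem" 2>/dev/null &&
    openssl req -config "$dir/req.cnf" -new -key "$dir/$name.key.pem" \
        -passin "file:$dir/password.file" \
        -subj "/C=GB/O=cpwebuser/CN=$name" -out "$dir/$name.csr" &&
    # "-sha384" here plays the role of "-md sha384" on "openssl ca"
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key.pem" -CAcreateserial -days 1 "-$md" \
        -out "$dir/$name.pem" 2>/dev/null
}

# cert_field <cert.pem> <label>: first value printed after "label:" by -text
cert_field() {
    openssl x509 -in "$1" -noout -text | sed -n "s/^ *$2: *//p" | head -n 1
}

# key_is_encrypted <key.pem>: true if the PEM header says the key is encrypted
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Usage:
#   d=$(mktemp -d); make_ec_cert "$d" eccert sha384
#   cert_field "$d/eccert.pem" 'Signature Algorithm'
#   key_is_encrypted "$d/eccert.key.pem" && echo "key is encrypted at rest"
```

Putting these checks at the end of a certificate-generation script catches a key written without -aes256, or a certificate signed with the wrong digest, before the files are copied into a keystore.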
Storing the certificate
I used a script to generate my certificate. In this script I had
- openssl x509 -in $name.pem -text -noout|less to display the certificate, and check the options
- openssl pkcs12 -export -inkey $name.key.pem -in $name.pem -out $name.p12 -CAfile ca256.pem -chain -name $name -passout file:password.file -passin file:password.file to create the *.p12 file with the certificate and CA chain, so it can be used by Java, curl, etc.
- certutil -D $sql -n $name to remove the certificate from the Chrome browser keystore, where sql="-d sql:/home/colinpaice/snap/chromium/current/.pki/nssdb"
- pk12util -i $name.p12 $sql -W password to add the .p12 created above into the Chromium keystore (along with its CA chain)
Using the certificate
For my Java programs I used the certificate keystore sssks.p12 with -Djavax.net.ssl.keyStore=/home/colinpaice/ssl/ssl2/sssks.p12 -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.keyStoreType=pkcs12, or for mqwebuser.xml <keyStore id="defaultKeyStore" location="/home/colinpaice/ssl/sssks.p12" type="pkcs12" password="password"/>
How to use strmqikm, runmqakm and runmqckm.
I had a question about doing this with cms repositories used by MQ.
For a long time I could not see how to create a certificate using Elliptic Curve. It was well hidden (in plain sight) but I eventually found it.
Using runmqakm
If you specify the signing algorithm (-sig_alg) as one of the following (on each line you can use either value)
- SHA224WithECDSA | EC_ecdsa_with_SHA224
- SHA256WithECDSA | EC_ecdsa_with_SHA256
- SHA384WithECDSA | EC_ecdsa_with_SHA384
- SHA512WithECDSA | EC_ecdsa_with_SHA512
then the certificate uses an Elliptic Curve. For example
runmqakm -cert -create -sig_alg EC_ecdsa_with_SHA224 -db zzclient.kdb -dn "CN=EC,O=EC" -label EC2 -stashed
then display it using
runmqakm -cert -details -db zzclient.kdb -label EC -stashed
It gave
Public Key Type : EC_ecPublicKey (1.2.840.10045.2.1), Parameters: namedCurve: EC_NamedCurve_secp256r1 (1.2.840.10045.3.1.7)
Signature Algorithm : EC_ecdsa_with_SHA224 (1.2.840.10045.4.3.1)
You can specify -size 224|256|384|512 to get the appropriate EC size. This appears in the name, for example -size 384 gave EC_NamedCurve_secp384r1.
The signing algorithm also has a size, for example EC_ecdsa_with_SHA224 uses a key size of 224.
Using strmqikm
With strmqikm, select the Signature Algorithm first from the pull down, such as SHA512WithECDSA, then select the key size. The list of key size values changes depending on the Signature Algorithm.
Runmqckm does not work
Note runmqckm does not support Elliptic curves. Use runmqakm instead.