Re: Brainpool Curves in Fedora (openssl, libgcrypt, gnupg)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am Samstag, dem 16.10.2021 um 23:24 -0400 schrieb Matthew Miller:
> On Fri, Oct 15, 2021 at 12:23:57PM +0200, Felix Schwarz wrote:
> > Am 14.10.21 um 21:44 schrieb Björn 'besser82' Esser:
> > > I don't want to be pushy, but it's been a while since your reply. 
> > > Did
> > > you get any response or reaction about this in the meantime?
> > 
> > Just wanted to mention that this affects me as well. For example
> > electronic prescriptions in Germany require signatures with
> > brainpool curves so as of now we'd have to rebuild OpenSSL to verify
> > these signatures...
> 
> Thank you, that kind of information is very helpful. Can you link to
> something documenting this requirement? I coulnd't find anything in a
> quick
> search. (It's okay if it's in German.)

Here is a technical reference document (TR-03116-4) issued by German
"BSI" [1] (Federal agency for IT security).  On the very bottom of page
21 it says: "Außerdem muss die elliptische Kurve BrainpoolP256r1 für die
ECC-Verfahren unterstützt werden" -> "Additionally support for
BrainpoolP256r1 ECC is mandatory."

In TR-03116-2 [2] on page 9 one can also find the mandatory requirement
for Brainpool ECC: "Für kryptographische Algorithmen basierend auf
Elliptischen Kurven (d.h. ECDSA und ECKA) sind die
Brainpool Domain Parameter [26] in den entsprechenden Bitlängen zu
verwenden." -> "For cryptographic algorithms based on ECC (ECDSA, ECKA)
Brainpool domain parameters with adequate bit lengths as shown are to be
used."

Thanks,
Björn


[1] 
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.pdf
[2] 
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-2.pdf

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux