Dear all, maybe it is a little early but the next (stable) version of OpenSSL will support Brainpool Ellptic curves (current beta 1.0.2-beta1 contains support for Brainpool already). Brainpool curves are defined in RFC 5639. Please find attached a patch file that adds support for Brainpool Elliptic Curves in OpenSSH. Currently, setting the bit size to 256, 384 or 521 selects one of the matching NIST curves - specification of named curves not supported. I added 512, which selects brainpoolP512r1 (canonically). Furthermore, you can specify the nick name of an Elliptic Curve using the -b switch of ssh-keygen. Supported nick names are: nistp256, nistp384, nistp521 and the Brainpool ones: brainpoolP256r1, brainpoolP256t1 brainpoolP384r1, brainpoolP384t1 brainpoolP512r1, brainpoolP512t1 Would be nice if someone could review (maybe modify if desired?) the patch and if it is eligible, then adding the stuff would make me (and hopefully others) happy. Btw, ECDSA host key not touched, i.e. derived from bit size (i.e. always a NIST-thing). Thx. [Gero@likemag] _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev