Elliptic Curve Cryptography (ECC) Support

Some math symbols were missing:

The curve used is y^2 = x^3 + 486662*x^2 + x, a Montgomery curve, over the prime field defined by the prime number 2^255 − 19, and it uses the base point x = 9.

By the way, the prime number without the math signs gives the curve its name.

things that use curve25519


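To make the parameters quoted above concrete, here is an added Python example (not part of the thread): it checks that x = 9 really lies on y^2 = x^3 + 486662*x^2 + x over GF(2^255 - 19), recovers a y for it, and runs the x-only Montgomery ladder that every curve25519 implementation is built on. The base-point order `L` is the value published in RFC 7748; everything else is derived from the three numbers in the post.

```python
# Added example (not from the thread): sanity checks on the curve25519 parameters
# quoted above, plus the x-only Montgomery ladder on the base point x = 9.
P = 2**255 - 19      # the prime that gives the curve its name
A = 486662           # coefficient in the Montgomery form y^2 = x^3 + A*x^2 + x
A24 = (A - 2) // 4   # 121665, the constant the ladder's doubling step uses
L = 2**252 + 27742317777372353535851937790883648493  # base-point order (RFC 7748)
BASE_X = 9

def rhs(x):
    """Right-hand side x^3 + A*x^2 + x of the curve equation, reduced mod P."""
    return (x**3 + A * x**2 + x) % P

def on_curve(x):
    """True if some y in GF(P) satisfies the curve equation (Euler's criterion)."""
    r = rhs(x)
    return r == 0 or pow(r, (P - 1) // 2, P) == 1

def sqrt_mod_p(a):
    """Square root mod P. P = 5 (mod 8), so a^((P+3)/8) is a root of a or -a;
    multiplying by sqrt(-1) = 2^((P-1)/4) fixes the second case."""
    r = pow(a, (P + 3) // 8, P)
    if (r * r - a) % P != 0:
        r = r * pow(2, (P - 1) // 4, P) % P
    if (r * r - a) % P != 0:
        raise ValueError("not a quadratic residue mod P")
    return r

def base_point_y():
    """Recover a y for the base point x = 9; returns the smaller of the two roots."""
    y = sqrt_mod_p(rhs(BASE_X))
    return min(y, P - y)

def ladder(k, u):
    """x-only Montgomery ladder (same step layout as RFC 7748): x coordinate of
    k*(u, y), or None when the result is the point at infinity."""
    x1, x2, z2, x3, z3 = u, 1, 0, u, 1          # (x2:z2) = [0]P, (x3:z3) = [1]P
    for t in reversed(range(k.bit_length())):
        bit = (k >> t) & 1
        if bit:                                  # a 1 bit works on ([m+1]P, [m]P)
            x2, x3, z2, z3 = x3, x2, z3, z2
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P   # differential add
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P            # doubling
        if bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
    return None if z2 == 0 else x2 * pow(z2, P - 2, P) % P
```

`ladder(L, 9)` returning `None` is the check that the base point really has order `L`; `ladder(a, ladder(b, 9)) == ladder(b, ladder(a, 9))` is the Diffie-Hellman property that X25519 relies on.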

So, is EC certificate generation possible using Let’s Encrypt now? Or do appropriate intermediates (EC signed) have to be generated by the ISRG? How can I use LE Client to get an EC-521 certificate?


No, not necessarily.


It should be mentioned that EC is only possible on staging right now.
Production currently says: {"type":"urn:acme:error:malformed","detail":"ECDSA curve P-256 not allowed","status":400}
It would be nice if there were an update on when it will be enabled in production.
Since profiles depending on the key types are now also possible.


Update: We’ve enabled signing of end-entity certificates containing EC public keys in production.

Big thanks to @hlandau and @selecadm for their help on this!


Cool, it works :slight_smile:
-> https://suche.org/ had a problem with HPKP :frowning:

And here the test result: https://www.ssllabs.com/ssltest/analyze.html?d=suche.org


Maybe this good information is worth pinning on the start page for some time. There are many people waiting for this feature.

Hi @jsha!

ECDSA is a big win. :slightly_smiling:

I take it this means that you’ve had your key signing ceremony and LE’s ECDSA CA is trusted?

Will somebody be updating this page with the new CA certs?

Nope. We decided as an interim step to sign EC end-entity certs (aka leaf certs) using our RSA intermediates. Eventually, once we have a key signing ceremony and generate a new EC root and intermediates, and get a cross-signature, we will start signing EC EE certs with our EC intermediate.


Ah fair enough. Good to know! :slight_smile:

Could you tell me how to do it? I am using IIS 8.5.

Not really, since I have it integrated into my web server and do not use the official client.

OK, now I know that I need to be more careful with HPKP :slight_smile:


Hi @jsha, are ECDSA keys also supported for use as registration keys?

Yes, they are :slight_smile: I can confirm this even for production.


Wow, with EC keys and the new version of LE this might even run nicely on a Pi 1B.

Do you know if I can provide certificate transparency information (I have the latest Apache on Ubuntu with the latest OpenSSL) for two different certificates (an EC one and an RSA one)? How can I do that? Is that possible at all using some modification of cts-submit.php here?

You do not need cts-submit at all. It publishes your cert to the log server.
I think it should work the same as if you have different certificates for different domains.
How do you make the CT available for one cert?

But resubmitting your cert to a log will get you your CTS. As Let’s Encrypt currently doesn’t have a method of retrieving the CTS of your cert, the resubmit method is the only way I know…
