Elliptic Curve Cryptography (ECC) Support

Some math symbols were missing:

The curve used is y^2 = x^3 + 486662*x^2 + x, a Montgomery curve, over the prime field defined by the prime number 2^255 − 19, and it uses the base point x = 9.

By the way, the prime number written without the math signs gives the curve its name.

1 Like
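The curve definition quoted above (Montgomery form over the prime 2^255 − 19, base point u = 9) in working form: an added Python implementation of the x-only Montgomery ladder from RFC 7748, not code from this thread or from Let's Encrypt. It assumes only the Python standard library.

```python
# Added example (not from the thread): X25519 on Curve25519, i.e. the
# x-only Montgomery ladder of RFC 7748 over GF(2^255 - 19). Demo code only;
# it is not constant-time, so do not use it where timing leaks matter.

P = 2**255 - 19          # the prime that gives the curve its name
A24 = (486662 - 2) // 4  # (A - 2) / 4 for the Montgomery coefficient A = 486662
BASE_U = 9               # u-coordinate of the standard base point

def clamp(k: bytes) -> int:
    """Decode a 32-byte little-endian scalar and apply RFC 7748 clamping."""
    s = bytearray(k)
    s[0] &= 248   # clear the low 3 bits (multiply by the cofactor 8)
    s[31] &= 127  # clear bit 255
    s[31] |= 64   # set bit 254 so every scalar has the same bit length
    return int.from_bytes(s, "little")

def ladder(k: int, u: int) -> int:
    """Montgomery ladder: u-coordinate of k * (u, y), computed in projective (x:z) form."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt:  # conditional swap; a real implementation does this branch-free
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P  # affine u = x2 / z2

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519(k, u): both inputs are 32-byte little-endian strings."""
    u_int = int.from_bytes(u, "little") & ((1 << 255) - 1)  # mask the top bit
    return ladder(clamp(k), u_int).to_bytes(32, "little")

def x25519_public(k: bytes) -> bytes:
    """Public key for private scalar k, i.e. X25519(k, 9)."""
    return x25519(k, BASE_U.to_bytes(32, "little"))
```

Feeding it the RFC 7748 section 6.1 Diffie-Hellman test vectors reproduces the published public keys and shared secret.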

things that use curve25519

https://ianix.com/pub/curve25519-deployment.html

2 Likes

So, is EC certificate generation possible using Let’s Encrypt now? Or do appropriate intermediates (EC signed) have to be generated by the ISRG? How can I use LE Client to get an EC-521 certificate?

1 Like

Yes.

No, not necessarily.

See

1 Like

It should be mentioned that EC is only possible on staging right now.
Production currently says: {"type":"urn:acme:error:malformed","detail":"ECDSA curve P-256 not allowed","status":400}
It would be nice if there were an update on when it will be enabled on production.
Since profiles depending on the key types are now also possible.

3 Likes

Update: We’ve enabled signing of end-entity certificates containing EC public keys in production.

Big thanks to @hlandau and @selecadm for their help on this!

7 Likes

Cool, it works :slight_smile:
-> https://suche.org/ had a problem with HPKP :frowning:

And here the test result: https://www.ssllabs.com/ssltest/analyze.html?d=suche.org

2 Likes

Maybe this good information is worth pinning on the start page for some time. There are many people waiting for this feature.

1 Like

Hi @jsha!

ECDSA is a big win. :slightly_smiling:

I take it this means that you’ve had your key signing ceremony and LE’s ECDSA CA is trusted?

Will somebody be updating this page with the new CA certs?

1 Like

Nope. We decided as an interim step to sign EC end-entity certs (aka leaf certs) using our RSA intermediates. Eventually, once we have a key signing ceremony and generate a new EC root and intermediates, and get a cross-signature, we will start signing EC EE certs with our EC intermediate.

3 Likes

Ah fair enough. Good to know! :slight_smile:

1 Like

Could you tell me how to do it? I am using IIS 8.5.

1 Like

Not really, since I have it integrated in my web server and do not use the official client.

1 Like

OK, now I know that I need to be more careful with HPKP :slight_smile:

2 Likes

Hi @jsha, are ECDSA keys also supported for use as registration keys?

1 Like

Yes, they are :slight_smile: I can confirm this even for production.

2 Likes

Wow, with EC keys and the new version of LE this might even run nicely on a Pi 1B.

1 Like

Do you know if I can provide certificate transparency information (I have latest Apache Ubuntu with latest OpenSSL) for two different certificates (an EC one and an RSA one)? How can I do that? Is that possible at all using some modification of cts-submit.php here?

1 Like

You do not need cts-submit at all. It publishes your cert to the log server.
I think it should work the same as if you have different certificates for different domains.
How do you make the CT available for one cert?

1 Like

But resubmitting your cert to a log will get you your CTS. As Let’s Encrypt currently doesn’t have a method of retrieving the CTS of your cert, the resubmit method is the only way I know…

2 Likes