Mail archive

Re: [alpine-devel] APK Key Size - Request to move from 1024 to 2048

From: Timo Teras <>
Date: Mon, 24 Nov 2014 08:19:02 +0200

On Sun, 23 Nov 2014 21:57:45 -0800
Orion <> wrote:

> > Though, it would be probably good time to start doing EC-DSA
> > signatures soon. Should probably be a target for alpine-3.2.
> Sounds like a good idea to me. Is there any given best practices for
> EC-DSA and signing?

There are several. I would probably just go ahead using the openssl the
same way as for RSA. That is to generate ASN1 encoded raw signatures.

For other parameters, I'm considering to use the NIST standard curves .
Ed25519/Curve25519 would be interesting, but seems openssl (at
least any release version) does not support it yet.

The recommended combinations for interoperability seem to be (in PGP,
SSL/TLS, CMS, IKEv2 and other standards):

EC NIST P-256 (equals ~3072 RSA), SHA2-256, AES-128
EC NIST P-384 (equals ~7680 RSA), SHA2-348, AES-192
EC NIST P-521 (equals ~15360 RSA), SHA2-512, AES-256

In our case it's signatures, so just picking a curve + digest would do.
Of these P256 is usually MUST, P521 is SHOULD, and P384 is MAY. So I'm
thinking on going with P256 + SHA2-256 as next step.

> Also I still can't find the signatures for the ISO releases or a
> signature of the hashes.

Unfortunately no. This is something we should do (or more like, should
have been doing for a long time). I think doing detached PGP-signatures
like others would be the way to go.

ncopa, any thoughts?


Received on Mon Nov 24 2014 - 08:19:02 UTC