Sun has contributed an Elliptic Curve cryptography code implementation to the OpenSSL (Secure Socket Layer) project. Elliptic Curve cryptography is an emerging public-key cryptosystem which provides the same degree of security as systems used in SSL today with approximately one-eighth the key size. This makes the technology especially useful for mobile devices and other small devices that are limited in power, CPU performance, memory or bandwidth.

OpenSSL provides an open source implementation of the Secure Socket Layer (SSL), the dominant security protocol used on the Web today. Sun's contribution also includes a full-strength, general purpose ECC library which is highly modular and usable for other protocols besides SSL.

The new cross-platform source code contributed by Sun Laboratories is available under the OpenSSL project's open source license which allows free use for commercial and non-commercial purposes, thus affording developers the opportunity to incorporate this next generation cryptographic technology into innovative new security-enabled products and services. This implementation can be put to use quickly and internationally, with the confidence that the technology has been tested through the strength of the open source development method.

Designed to promote ECC technology standardization and interoperability, Sun's contributions to the OpenSSL project include:

• Addition of ECC cipher suites based on the current IETF internet-draft, co-authored by Sun, specifying the use of elliptic curve technology in SSL.

• Implementation of the Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol based on ANSI X9.63.

• Addition of elliptic curve support over binary polynomial fields and the underlying arithmetic library completing the Elliptic Curve cryptographic library in OpenSSL.

The latest version of the OpenSSL code containing ECC cipher suites can be found at the OpenSSL Website:

ftp://ftp.openssl.org/snapshot/

The download file is named:

openssl-SNAP-20020911.tar.gz or later version

Elliptic Curve Cryptography (ECC) is an emerging public-key cryptosystem endorsed by the National Institute of Standards and Technology for U.S. government use and standardized in IEEE 1363, ANSI X9.62 and ANSI X9.63. Compared to currently prevalent cryptosystems like RSA, DSA and Diffie-Hellman, ECC offers equivalent security with smaller key sizes, which results in faster computations, lower power consumption, as well as memory and bandwidth savings. For example, 163-bit key Elliptic Curve technology offers the equivalent security strength of a 1024-bit RSA system.

Managed by a worldwide community of volunteers, the OpenSSL Project develops and supports the OpenSSL toolkit, an open source implementation of SSL, the dominant security protocol used on the Internet today. Additional information can be found on the OpenSSL Website at:

http://www.openssl.org [...read more...]

		fullsource
Print Email Current Profile Archive Blog Generate newsletter