So actually this is a little ex curs into cryptography of the elliptic curve type:
ECC provides 2 features that are interesting to me for this project:
- Better security due to not being brute force-able by factoring only.
- shorter key-length and therefore better suited to systems with limited resources like the Beaglebone Black
The drawbacks
- no support by CAs yet
- very limited browser support (Firefox an d Chrome do support only 3 of the many curve-types that are supported by openssl
openssl ecparam -out myveryown-ecc.pem -outform pem -name secp384r1 -genkey
Make a signing request:
openssl req -new -nodes -key myveryown-ecc.key -keyout myveryown-ecc.pem -outform pem -out myveryown-ecc.req
Sign it as usual (for example with your own CA: openssl ca -keyfile MyCA.key -cert MyCA.pem -in myveryown-ecc.req -out owncloud.moosbauer.net-ecc-cert-myveryown-ecc.pem -outdir .) and enjoy
To Dos out of this: bring ECC to the file encryption feature of owncloud.
Part 1 Part 2
No comments:
Post a Comment