Hello,
Just curious, but I would like to know if Ciphermail's latest release is
prepared to handle ECC algorithms instead of RSA/DSA according to
RFC 3278/5753?
I'm totally aware that one needs an ECC PKI chain for this, but just to
be sure if this is fully implemented...
Regards
Andreas
Bouncycastle seems to support RFC 5753 but I must admit I have not
tested ECC certificates yet. I have done some testing with PGP ECC keys
although support for ECC PGP keys is only supported by the beta version
of GPG 2 so testing was not complete.
I will do some tests with ECC certificates. The biggest issue is getting
good test cases.
Kind regards,
Martijn Brinkers
On 10/27/2014 03:45 PM, lst_hoe02(a)kwsoft.de wrote:
Just curious, but I would like to know if Ciphermail's latest release is
prepared to handle ECC algorithms instead of RSA/DSA according to
RFC 3278/5753?
I'm totally aware that one needs an ECC PKI chain for this, but just to be
sure if this is fully implemented...
--
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.
Twitter: http://twitter.com/CipherMail
As for certificates, I found this one: http://www.entrust.net/ecc/
My intention was to first ask if it is useful to do some actual
testing or if this is known not working as of today. If I have some
spare time to poke around with ECC certificates I will let you know.
Thanks
Andreas
Ok, looks like not working as of today:
Import certificate + root-CA is ok, but this looks suspicious when
clicking on the cert
Public Key Length: -1
Public Key Algorithm: Unknown
When trying to sign with this cert/key we got the following:
03 Nov 2014 17:10:12 | ERROR Error signing the message. (mitm.application.djigzo.james.mailets.SMIMESign) [Spool Thread #2]
mitm.common.security.smime.SMIMEBuilderException: org.bouncycastle.operator.OperatorCreationException: cannot create signer: Supplied key (org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey) is not a RSAPrivateKey instance
    at mitm.common.security.smime.SMIMEBuilderImpl.addSigner(SMIMEBuilderImpl.java:264)
    at mitm.common.security.smime.SMIMEBuilderImpl.addSigner(SMIMEBuilderImpl.java:276)
    at mitm.application.djigzo.james.mailets.SMIMESign.serviceMail(SMIMESign.java:414)
    at mitm.application.djigzo.james.mailets.AbstractDjigzoMailet.service(AbstractDjigzoMailet.java:277)
    at org.apache.james.transport.LinearProcessor.service(LinearProcessor.java:424)
    at org.apache.james.transport.JamesSpoolManager.process(JamesSpoolManager.java:405)
    at org.apache.james.transport.JamesSpoolManager.run(JamesSpoolManager.java:309)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.bouncycastle.operator.OperatorCreationException: cannot create signer: Supplied key (org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey) is not a RSAPrivateKey instance
    at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown Source)
    at mitm.common.security.smime.SMIMEBuilderImpl.addSigner(SMIMEBuilderImpl.java:258)
    ... 7 more
Caused by: java.security.InvalidKeyException: Supplied key (org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey) is not a RSAPrivateKey instance
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
    at java.security.Signature$Delegate.engineInitSign(Signature.java:1147)
    at java.security.Signature.initSign(Signature.java:511)
    ... 9 more
Thunderbird looks like at least basically working with ECC.
Regards
Andreas
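
The stack trace in the message above ends with an RSA signature implementation rejecting an EC private key in Signature.initSign. The following is an added example, not part of the thread and not CipherMail code: it reproduces that failure mode with the plain JDK and shows the signature algorithm being derived from the key type instead. The class name, the helper signatureAlgorithmFor and the generated P-256 key are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

public class SignerAlgorithmDemo {

    // Hypothetical helper: map the private key's type to a matching JCA signature name.
    static String signatureAlgorithmFor(PrivateKey key, String digest) {
        switch (key.getAlgorithm()) {
            case "RSA":   return digest + "withRSA";
            case "DSA":   return digest + "withDSA";
            case "EC":
            case "ECDSA": return digest + "withECDSA"; // some providers label EC keys "ECDSA"
            default:
                throw new IllegalArgumentException("Unsupported key type: " + key.getAlgorithm());
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key: a fresh P-256 pair standing in for an imported ECC key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair ec = kpg.generateKeyPair();
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Failure mode from the trace: RSA signature algorithm combined with an EC key.
        try {
            Signature.getInstance("SHA256withRSA").initSign(ec.getPrivate());
            System.out.println("unexpected: RSA signer accepted an EC key");
        } catch (InvalidKeyException e) {
            System.out.println("SHA256withRSA + EC key rejected: " + e.getMessage());
        }

        // Deriving the algorithm name from the key type makes the same key usable.
        String alg = signatureAlgorithmFor(ec.getPrivate(), "SHA256");
        Signature signer = Signature.getInstance(alg);
        signer.initSign(ec.getPrivate());
        signer.update(message);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(ec.getPublic());
        verifier.update(message);
        System.out.println(alg + " signature verifies: " + verifier.verify(sig));
    }
}
```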