Am Samstag, dem 16.10.2021 um 23:24 -0400 schrieb Matthew Miller:
On Fri, Oct 15, 2021 at 12:23:57PM +0200, Felix Schwarz wrote:
Am 14.10.21 um 21:44 schrieb Björn 'besser82' Esser:
I don't want to be pushy, but it's been a while since your reply. Did you get any response or reaction about this in the meantime?
Just wanted to mention that this affects me as well. For example electronic prescriptions in Germany require signatures with brainpool curves so as of now we'd have to rebuild OpenSSL to verify these signatures...
Thank you, that kind of information is very helpful. Can you link to something documenting this requirement? I coulnd't find anything in a quick search. (It's okay if it's in German.)
Here is a technical reference document (TR-03116-4) issued by German "BSI" [1] (Federal agency for IT security). On the very bottom of page 21 it says: "Außerdem muss die elliptische Kurve BrainpoolP256r1 für die ECC-Verfahren unterstützt werden" -> "Additionally support for BrainpoolP256r1 ECC is mandatory."
In TR-03116-2 [2] on page 9 one can also find the mandatory requirement for Brainpool ECC: "Für kryptographische Algorithmen basierend auf Elliptischen Kurven (d.h. ECDSA und ECKA) sind die Brainpool Domain Parameter [26] in den entsprechenden Bitlängen zu verwenden." -> "For cryptographic algorithms based on ECC (ECDSA, ECKA) Brainpool domain parameters with adequate bit lengths as shown are to be used."
Thanks, Björn
[1] https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Technische... [2] https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Technische...