Considerations for elliptic curve cryptography (ECC)

Read about the prerequisites and restrictions when using the EC key handling and ECDSA sign and verify APIs and find a list of supported curves.

Prerequisites for ECC

To exploit the libzpc support of elliptic curve cryptography with protected ECC keys, the following hardware and software prerequisites are required:

  • For CPACF, MSA9 or later is required. MSA9 is available starting with IBM z15®.
  • At least one of the following cryptographic libraries must be installed:
    • CCA host library 7.0 or later which allows export to CPACF protected key format.
    • EP11 host library 3.0.0 or later which allows to make the key eligible for being transformed into a protected key.

    There is no error if one or both host libraries are not available. Each particular API function checks if its prerequisites are fulfilled. However, if you want to exploit the full libzpc functionality, both libraries are required.

  • At least one CryptoExpress7S (CEX7S or later) HSM with a valid master key configuration is required for key generation. ECC secure keys are created via the CCA and EP11 host libraries. Both libraries require CEX7S cryptographic coprocessors to create secure keys that wrap the effective key (of type ECC key) which in turn can be converted into a CPACF protected key format.

Supported curves

ECC support is limited to the curves supported by CPACF with MSA9. The following curves are currently supported with MSA9:

  • prime256 with OID 1.2.840.10045.3.1.7
  • secp384 with OID 1.3.132.0.34
  • secp521 with OID 1.3.132.0.35
  • Ed25519 with OID 1.3.101.112
  • Ed448 with OID 1.3.101.113

Restrictions

  • Applications should always provide hashed messages for input to sign and verify functions.
  • Also, applications should choose hash algorithms so that the hash length is not shorter than the ECC group size (32 bytes for p256, 48 bytes for p384, and 64 bytes for p521).
  • libzpc truncates longer inputs to use a number of leftmost bytes according to above lengths.
  • libzpc does not support compressed ECC public keys, because these are not supported by CPACF. The application is required to provide uncompressed public keys without the leading compress-indication byte.