Discuss this help topic in SecureBlackbox Forum

Create certificate with ECDSA key

Generation of a certificate carrying a ECDSA key in most cases is no different from the standard generation procedure. The only difference is how you specify the parameters of the key. By default, configuration of the elliptic curve is chosen automatically, basing on the key size passed to the Generate() method: cert.Generate(8, SBConstants.Unit.SB_CERT_ALGORITHM_SHA224_ECDSA);

Depending on the key size (in bits), the following curves will be used:

  • 192 and less — SECP192R1
  • 193 to 224 — SECP224R1
  • 224 to 256 — SECP256R1
  • 256 to 384 — SECP384R1
  • 385 and more — SECP521R1
If you wish to use a custom curve, invoke the Generate() method overload that accepts the key and signature algorithms as TElAlgorithmIdentifier objects. These objects should be of TElECAlgorithmIdentifier type, with the appropriate values assigned to their Curve properties.

Certificate-related How To articles

Discuss this help topic in SecureBlackbox Forum