ECC Algorithm in Certificates
Using an Enterprise CA running on WS08 Enterprise RC1, I made a copy of the out-of-box Computer certificate template, and modified it (on the Cryptography tab) so it used a Elliptical Curve Cryptography (ECC) algorithm such as ECDH_P256 for the public key. This automatically changed the Key Usage from Key Encipherment to Key Agreement. I issued this modified template and enrolled a certificate using it from a Vista SP1 domain computer. This certificate could not be used for authentication in a connection security rule. I made another copy of the Computer certificate template, again modfied so it used an ECC algorithm, but this time I changed the Key Usage back to Key Encipherment (on the Extensions tab, Encryption area). An enrollment attempt was denied by the policy module ("the certificate is not valid for the requested usage").I made a third copy of the Computer certificate template, but this time I modfied it so it used the RSA algorithm. There was no automatic change of Key Usage (it remained Key Encipherment). A certificate enrolled from this template could be used for authentication in a connection security rule.I had similar results when I generated a certificate request from the MMC "Custom Request" applet.Can anyone explain if the inability to use an ECC algorithm for the private-public key pair is a bug, by design, or my misconfiguration (in which case, how to do it right).Thanks.
December 22nd, 2007 4:06am

The reason you can't use this cert for authentication is because ECDH is a key-exchange protocol. It is an ECC variant of the Diffie-Hellman key exchange protocol. To do digital signatures you need to use ECC Digital Signature Algorithm (ECDSA_P256or better).
Free Windows Admin Tool Kit Click here and download it now
December 27th, 2007 4:29am

Thanks for your reply.ECDH_256, ECDH_384, and ECDH_521 are the only CNG (ECC) choices available on the Cryptography tab of the copy of the Computer (Machine) template. RSA is available, but not desired here.By default, the value in the Purpose field of the Computer (Machine) certificate template, when copied as a Version 3 template, is Signature and Encryption. If the Purpose field value is changed to Signature, ECDSA_256, ECDSA_384, and ECDSA-521 become avialable.I have not tried yet to create certificates based on a Signature purpose for use with a Connection Security Rule yet, but will report back.
December 27th, 2007 4:36am

I don't think there is a standard for using ECDSA in certificates yet (http://www.ietf.org/internet-drafts/draft-ietf-pkix-sha2-dsa-ecdsa-01.txt). Microsoft may thereforenot have implemented it in RC1. It does appear it is coming though (http://msdn2.microsoft.com/en-us/library/aa364977.aspx).
Free Windows Admin Tool Kit Click here and download it now
December 27th, 2007 4:51am

It appears you are correct that Microsoft have not implemented support for ECDSA in certificates in RC1. I created such certificates on the two computers, which required the value of the Purpose field to be Signature (as opposed to Signature and Encryption); they did not work with a Connection Security Rule that had computer certificate as the authentication method.As I noted in my original post, the value in the Purpose field of the out-of-box Computer certificate is Signature and Encryption, and the Key Usage is Digital Signature and Key Encipherment, so dropping back to Digital Signature in order to use ECDSA instead of ECDH may be part of the problem.
December 27th, 2007 5:31am

Update 2008-01-03 - more evidence that ECC algorithms are not supported for asymmetric encryption (such as for the public/private key pair) in WS08 RC1:If you issue the command certutil -csplist, pipe its output to a file, and examine that file, only RSA is listed uder Asymmetric Encryption Algorithms. By contrast, ECC algorithms are listed under Secret Agreement Algorithms (ECDH_P256, ECDH_P384, and ECDH_P521) as well as under Signature Algorithms (ECDSA_P256, ECDSA_P384, and ECDSA_P521).
Free Windows Admin Tool Kit Click here and download it now
January 3rd, 2008 9:30pm

Update 2008-02-12Using WS08 RTM, certificates with ECDSA_P256 and ECDSA_P521 algorithms for the public key still won't work for authentication in connection security rules.Can anyone, especially from Microsoft, comment on whether this a result of:a) misconfiguration; if so how to correct?b) by design; if so if there is any plan to change it?I'm asking because one of the benefits of WS08 is implementation of Cryptography Next Generation (CNG) algorithms, but it seems a limited benefit it it can't be used for certificates in connection security rules.
February 12th, 2008 5:47pm

You're right, I think. Looking at both the UI and the command line, I cannot see anywhere to specify use of ECDSA_X. Netsh specifies: For qmsecmethods, integrity=md5|sha1 and encryption=3des|des|aes128|aes192|aes256 Further, http://technet2.microsoft.com/windowsvista/en/library/005f921e-f706-401e-abb5-eec42ea0a03e1033.mspx?mfr=truespecifies that ECDSA is for IKE and AuthIP only, as does http://msdn2.microsoft.com/en-us/library/aa364977.aspx. I believe what this means is that, while ECDSA is supported for AuthIP, it can only be configured to require it by making calls using the WFP APIs. I can't verify that for sure, however. The documentation on AuthIP consists primarily of these articles: http://technet.microsoft.com/en-us/library/bb878097.aspxand http://www.microsoft.com/technet/technetmag/issues/2007/10/CableGuy/default.aspx.
Free Windows Admin Tool Kit Click here and download it now
February 12th, 2008 7:45pm

Thanks for your quick reply, and for listing the relevant citations about ECC alogorithms and IKE/AuthIP in one place. It looks like the operative words here are support for as opposed to implementation of "new strong cryptographic algorithms used in IPsec", and that use of ECC algorithms that can be used for certificates for connection security rules, although available to developers, is not available to end users yet.Interestingly, http://msdn2.microsoft.com/en-us/library/aa364977.aspx lists IKEEXT_SSL_ECDSA_P256IKEEXT_SSL_ECDSA_P384but not IKEEXT_SSL_ECDSA_P521.
February 12th, 2008 9:03pm

For anybody following this thread. ECDSA is supported; you need to select the signature purpose ( in the certificate template) in the request handling tab and ECDSA will be displayed then in the Cryptography tab (do not forget to check your security settings if you want to enable autoenrollment also).
Free Windows Admin Tool Kit Click here and download it now
October 24th, 2008 7:34pm

Thanks for the information. A certificate that uses an ECDSA algorithm and has a purpose of Signature may be created as you described, but cannot be used for authentication in Connection Security Rules.
November 1st, 2008 4:05am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics