Short Signature required

From: Ken Cattanach (randd_at_no_spam.opdicom.com)
Date: 11/06/03 

Date: Thu, 6 Nov 2003 19:53:36 +1100

Hi,

We are developing an application for Win 98, Me, 2000, XP and 2003. Part of
the application's functionality is required to be activated by entering a
special code - similar to MS Windows XP Activation...

I was wanting to utilize assymetric cryptography to generate and verify the
activation codes, however algorithms like RSA generate digital signatures
that are the same size as their key. Not everyone is connected to the
internet and manual entry of the code is a requirement. Obviously with a
512 bit or 1024 bit key this is too long for a user to type in.

There seem to be a lot of products that require activation out there, many
of which claim to using public key cryptography - how do they generate such
short activation codes?

One thing that I am looking at is using Elliptic Curve Cryptography (ECC).
Because of its small key size it generates much smaller signatures. Does
anyone know if this is a good idea? If so, then does anyone know of any
good commercial or free ECC libraries? I'd prefer ECDSA compliance and if
it were a windows compatible CSP then that would be even better...

Oddly enough, I noticed that in the CAPICOM documentation in MSDN Library
there is mention of ECDSA in the form of a CSP type definition:

      CAPICOM_PROV_EC_ECDSA_SIG The CSP that supports the Elliptic Curve
Digital Signature Algorithm (ECDSA) functions and algorithms required for
digital signatures.

However, I couldn't see a Cryptographic Service Provider of this type. Does
this mean that ECDSA is actually going to be supported by Windows soon?

Thanks.

Ken.

Relevant Pages

  • Re: Short Signature required
    ... ECC is not supported by Windows or CryptoAPI at this time. ... > I was wanting to utilize assymetric cryptography to generate and verify ... > there is mention of ECDSA in the form of a CSP type definition: ...
    (microsoft.public.platformsdk.security)
  • Re: Can you use ECC to produce digital signatures? It doesnt see so.
    ... > cryptography for digital signatures even though it is a form of Public ... Cryptographic Message Syntax, discusses ecdsa ...
    (sci.crypt)
  • Re: Cryptography- RSA
    ... for future enquires - microsoft.public.security.crypto should be used for cryptography related questions. ... As about your question - standard installation of Windows 98 SE doesn't include strong or enhanced cryptography providers - only Base provider which only support 512 bits encryption keys. ...
    (microsoft.public.dotnet.framework.clr)
  • Re: Cryptography- RSA
    ... Thanks for taking the time to reply (I'll use the correct newsgroup next ... Windows 98 SE, but only came accross a download for IE with strong ... > include strong or enhanced cryptography providers - only Base provider ... > because base provider is used by default on W98SE/WME/NT4. ...
    (microsoft.public.dotnet.framework.clr)
  • Re: RSA question
    ... punishable offence. ... encryption done backwards originates in Diffie and Hellman's `New ... Directions in Cryptography', ... points out that digital signatures don't necessarily work like that. ...
    (sci.crypt)