CentOS - Apr 2014 - Support for ECDSA in OpenSSL?

Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs?

How do I test if this works?  (though I should probably ask this on the 
OpenSSL list)

The reason I suspect a problem is that HIPL for Centos 
(http://infrahip.hiit.fi/) is not creating the ECDSA Host Identity, 
whereas my Fedora installation IS creating the ECDSA HI.

From: Robert Moskowitz <rgm at htt-consult.com>
> Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs?
Google finds:

"ECDSA Support in OpenSSL
Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital
Signature Algorithm (DSA) which uses Elliptic Curve Cryptography (ECC). Note
that only the nistp256 and nistp384 curves are supported."

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Release_Notes/bh-chap-security.html

JD

On Fri, 25 Apr 2014, Robert Moskowitz wrote:
> Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs?
On CentOS 6.5, OpenSSL does but SSH does not.
> How do I test if this works?  (though I should probably ask this on the
> OpenSSL list)
On a CentOS 6.5 box, asking for an ECDSA key fails:

   [centos-6.5]$ ssh-keygen -f zzz -t ecdsa
   unknown key type ecdsa

On a Debian jessie box, it succeeds:

   [debian]$ ssh-keygen -f zzz -t ecdsa
   Generating public/private ecdsa key pair.
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in zzz.
   Your public key has been saved in zzz.pub.

If I scp the newly created zzz key to a CentOS box, its openssl binary 
can understand it:

   [centos-6.5]$ openssl ec -in zzz
   read EC key
   writing EC key
   -----BEGIN EC PRIVATE KEY-----
   ...
   -----END EC PRIVATE KEY-----

That's the best test I know.

-- 
Paul Heinlein
heinlein at madboa.com
45?38' N, 122?6' W