{"id":20804,"date":"2023-09-25T19:30:50","date_gmt":"2023-09-25T17:30:50","guid":{"rendered":"http:\/\/blog.wenzlaff.de\/?p=20804"},"modified":"2023-09-25T19:10:24","modified_gmt":"2023-09-25T17:10:24","slug":"xca-certification-authority-zertifizierungsstelle-mit-elliptische-kurven-kryptografie-ecc-secp256k1","status":"publish","type":"post","link":"http:\/\/blog.wenzlaff.de\/?p=20804","title":{"rendered":"XCA &#8211; Certification Authority with Elliptic Curve Cryptography (ECC) secp256k1"},"content":{"rendered":"<p>In information security and encryption, &#8220;CA&#8221; stands for Certification Authority. A certification authority is a trusted organization that issues and manages digital certificates. These certificates are used to verify the identity of websites, servers and users in encrypted communications, for example in SSL\/TLS encryption on the web. Here is a screenshot of the XCA GUI on Linux:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/wenzlaff.de-2023-09-25-um-16.32.13.png\" alt=\"\" width=\"1924\" height=\"1520\" class=\"aligncenter size-full wp-image-20805\" srcset=\"http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/wenzlaff.de-2023-09-25-um-16.32.13.png 1924w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/wenzlaff.de-2023-09-25-um-16.32.13-300x237.png 300w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/wenzlaff.de-2023-09-25-um-16.32.13-1024x809.png 1024w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/wenzlaff.de-2023-09-25-um-16.32.13-768x607.png 768w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/wenzlaff.de-2023-09-25-um-16.32.13-1536x1213.png 1536w\" sizes=\"auto, (max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/p>\n<p>Yesterday, a new version 2.5.0 of <a 
href=\"https:\/\/github.com\/chris2511\/xca\/releases\/tag\/RELEASE.2.5.0\" rel=\"noopener\" target=\"_blank\">XCA<\/a> was released. There is no package for it on the Raspberry Pi 4 yet. <\/p>\n<p>But you can also compile it yourself, like this for the current dev state 2.5.3:<\/p>\n<p><!--more--><\/p>\n<pre class=\"lang:default decode:true \" >\r\n\r\n# Install dependencies\r\n# for Bookworm\r\nsudo apt install build-essential libssl-dev pkg-config qtbase5-dev qttools5-dev-tools libqt5sql5 libqt5help5 cmake qttools5-dev python3-sphinxcontrib.qthelp\r\n\r\n# for Bullseye or Buster\r\nsudo apt install build-essential libssl-dev pkg-config qtbase5-dev qttools5-dev-tools libqt5sql5 libqt5help5 cmake qttools5-dev python3-sphinx\r\n\r\n# Clone the project\r\ngit clone https:\/\/github.com\/chris2511\/xca.git\r\n\r\n# Configure\r\ncmake -B build xca\r\n\r\n# Build, takes about half an hour on the Pi 4\r\ncmake --build build -j5\r\n\r\n# Install\r\nsudo cmake --install build\r\n\r\n# For launching and testing, see http:\/\/blog.wenzlaff.de\/?p=20761\r\n\r\n<\/pre>\n<p>There are now many EC keys; here is a selection:<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/xca-keys.png\" alt=\"\" width=\"930\" height=\"1502\" class=\"aligncenter size-full wp-image-20806\" srcset=\"http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/xca-keys.png 930w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/xca-keys-186x300.png 186w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/xca-keys-634x1024.png 634w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2023\/09\/xca-keys-768x1240.png 768w\" sizes=\"auto, (max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/p>\n<p>Or all 79 of them, from the command line with: <strong>xca --list-curves<\/strong><\/p>\n<pre class=\"theme:mirc-dark minimize:true lang:default 
decode:true \" >\r\n\r\nsecp112r1                 SECG\/WTLS curve over a 112 bit prime field\r\nsecp112r2                 SECG curve over a 112 bit prime field\r\nsecp128r1                 SECG curve over a 128 bit prime field\r\nsecp128r2                 SECG curve over a 128 bit prime field\r\nsecp160k1                 SECG curve over a 160 bit prime field\r\nsecp160r1                 SECG curve over a 160 bit prime field\r\nsecp160r2                 SECG\/WTLS curve over a 160 bit prime field\r\nsecp192k1                 SECG curve over a 192 bit prime field\r\nsecp224k1                 SECG curve over a 224 bit prime field\r\nsecp224r1                 NIST\/SECG curve over a 224 bit prime field\r\nsecp256k1                 SECG curve over a 256 bit prime field\r\nsecp384r1                 NIST\/SECG curve over a 384 bit prime field\r\nsecp521r1                 NIST\/SECG curve over a 521 bit prime field\r\nprime192v1                NIST\/X9.62\/SECG curve over a 192 bit prime field\r\nprime192v2                X9.62 curve over a 192 bit prime field\r\nprime192v3                X9.62 curve over a 192 bit prime field\r\nprime239v1                X9.62 curve over a 239 bit prime field\r\nprime239v2                X9.62 curve over a 239 bit prime field\r\nprime239v3                X9.62 curve over a 239 bit prime field\r\nprime256v1                X9.62\/SECG curve over a 256 bit prime field\r\nsect113r1                 SECG curve over a 113 bit binary field\r\nsect113r2                 SECG curve over a 113 bit binary field\r\nsect131r1                 SECG\/WTLS curve over a 131 bit binary field\r\nsect131r2                 SECG curve over a 131 bit binary field\r\nsect163k1                 NIST\/SECG\/WTLS curve over a 163 bit binary field\r\nsect163r1                 SECG curve over a 163 bit binary field\r\nsect163r2                 NIST\/SECG curve over a 163 bit binary field\r\nsect193r1                 SECG curve over a 193 bit binary field\r\nsect193r2    
             SECG curve over a 193 bit binary field\r\nsect233k1                 NIST\/SECG\/WTLS curve over a 233 bit binary field\r\nsect233r1                 NIST\/SECG\/WTLS curve over a 233 bit binary field\r\nsect239k1                 SECG curve over a 239 bit binary field\r\nsect283k1                 NIST\/SECG curve over a 283 bit binary field\r\nsect283r1                 NIST\/SECG curve over a 283 bit binary field\r\nsect409k1                 NIST\/SECG curve over a 409 bit binary field\r\nsect409r1                 NIST\/SECG curve over a 409 bit binary field\r\nsect571k1                 NIST\/SECG curve over a 571 bit binary field\r\nsect571r1                 NIST\/SECG curve over a 571 bit binary field\r\nc2pnb163v1                X9.62 curve over a 163 bit binary field\r\nc2pnb163v2                X9.62 curve over a 163 bit binary field\r\nc2pnb163v3                X9.62 curve over a 163 bit binary field\r\nc2pnb176v1                X9.62 curve over a 176 bit binary field\r\nc2tnb191v1                X9.62 curve over a 191 bit binary field\r\nc2tnb191v2                X9.62 curve over a 191 bit binary field\r\nc2tnb191v3                X9.62 curve over a 191 bit binary field\r\nc2pnb208w1                X9.62 curve over a 208 bit binary field\r\nc2tnb239v1                X9.62 curve over a 239 bit binary field\r\nc2tnb239v2                X9.62 curve over a 239 bit binary field\r\nc2tnb239v3                X9.62 curve over a 239 bit binary field\r\nc2pnb272w1                X9.62 curve over a 272 bit binary field\r\nc2pnb304w1                X9.62 curve over a 304 bit binary field\r\nc2tnb359v1                X9.62 curve over a 359 bit binary field\r\nc2pnb368w1                X9.62 curve over a 368 bit binary field\r\nc2tnb431r1                X9.62 curve over a 431 bit binary field\r\nwap-wsg-idm-ecid-wtls1    WTLS curve over a 113 bit binary field\r\nwap-wsg-idm-ecid-wtls3    NIST\/SECG\/WTLS curve over a 163 bit binary 
field\r\nwap-wsg-idm-ecid-wtls4    SECG curve over a 113 bit binary field\r\nwap-wsg-idm-ecid-wtls5    X9.62 curve over a 163 bit binary field\r\nwap-wsg-idm-ecid-wtls6    SECG\/WTLS curve over a 112 bit prime field\r\nwap-wsg-idm-ecid-wtls7    SECG\/WTLS curve over a 160 bit prime field\r\nwap-wsg-idm-ecid-wtls8    WTLS curve over a 112 bit prime field\r\nwap-wsg-idm-ecid-wtls9    WTLS curve over a 160 bit prime field\r\nwap-wsg-idm-ecid-wtls10   NIST\/SECG\/WTLS curve over a 233 bit binary field\r\nwap-wsg-idm-ecid-wtls11   NIST\/SECG\/WTLS curve over a 233 bit binary field\r\nwap-wsg-idm-ecid-wtls12   WTLS curve over a 224 bit prime field\r\nbrainpoolP160r1           RFC 5639 curve over a 160 bit prime field\r\nbrainpoolP160t1           RFC 5639 curve over a 160 bit prime field\r\nbrainpoolP192r1           RFC 5639 curve over a 192 bit prime field\r\nbrainpoolP192t1           RFC 5639 curve over a 192 bit prime field\r\nbrainpoolP224r1           RFC 5639 curve over a 224 bit prime field\r\nbrainpoolP224t1           RFC 5639 curve over a 224 bit prime field\r\nbrainpoolP256r1           RFC 5639 curve over a 256 bit prime field\r\nbrainpoolP256t1           RFC 5639 curve over a 256 bit prime field\r\nbrainpoolP320r1           RFC 5639 curve over a 320 bit prime field\r\nbrainpoolP320t1           RFC 5639 curve over a 320 bit prime field\r\nbrainpoolP384r1           RFC 5639 curve over a 384 bit prime field\r\nbrainpoolP384t1           RFC 5639 curve over a 384 bit prime field\r\nbrainpoolP512r1           RFC 5639 curve over a 512 bit prime field\r\nbrainpoolP512t1           RFC 5639 curve over a 512 bit prime field<\/pre>\n<p>My <a href=\"http:\/\/blog.wenzlaff.de\/?s=ecc\" rel=\"noopener\" target=\"_blank\">favorite curve<\/a>, secp256k1, is included too. 
<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/07\/elliptische-kurven-kryptografie.png\" alt=\"\" width=\"2448\" height=\"1664\" class=\"aligncenter size-full wp-image-17284\" srcset=\"http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/07\/elliptische-kurven-kryptografie.png 2448w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/07\/elliptische-kurven-kryptografie-300x204.png 300w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/07\/elliptische-kurven-kryptografie-1024x696.png 1024w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/07\/elliptische-kurven-kryptografie-768x522.png 768w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/07\/elliptische-kurven-kryptografie-1536x1044.png 1536w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/07\/elliptische-kurven-kryptografie-2048x1392.png 2048w\" sizes=\"auto, (max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/p>\n<p>Elliptic curve cryptography (ECC) is a modern form of public-key cryptography based on the mathematical theory of elliptic curves. ECC is widely used for secure data encryption and digital signatures in various applications, including cryptocurrencies such as Bitcoin. ECC is more efficient than many other public-key cryptosystems and offers comparable security with shorter key lengths, which results in lower computing power and memory requirements.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In information security and encryption, &#8220;CA&#8221; stands for Certification Authority. A certification authority is a trusted organization that issues and manages digital certificates. 
These certificates are used to verify the identity of websites, servers and users in encrypted communications, for example in SSL\/TLS encryption on the web. Here is a screenshot of the XCA GUI on Linux: Yesterday &hellip; <\/p>\n<p class=\"link-more\"><a href=\"http:\/\/blog.wenzlaff.de\/?p=20804\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> \u201cXCA &#8211; Certification Authority with Elliptic Curve Cryptography (ECC) secp256k1\u201d<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[220,4606,2173,808,79,1023,1319],"tags":[1014,5803,5804,1379,4665,5806,844,3655,4663,191,5799,1021,5805],"class_list":["post-20804","post","type-post","status-publish","format-standard","hentry","category-anleitung","category-crypto","category-debian","category-linux-2","category-programmierung","category-raspberry-pi","category-sicherheit-2","tag-ca","tag-certificate","tag-certification-authority","tag-compilieren","tag-ecc","tag-elliptische-kurven-kryptografie","tag-neue-version","tag-pi-4","tag-secp256k1","tag-update","tag-xca","tag-zertifikate","tag-zertifizierungsstelle"],"_links":{"self":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts\/20804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=20804"}],"version-history":[{"count":0,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts\/20804\/revisions"}],"wp:attac
hment":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=20804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=20804"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=20804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}