SSL certificates most often use RSA keys, and the recommended size of these keys keeps increasing (for example, from 1024 bits to 2048 bits over the past few years) in order to maintain sufficient cryptographic strength. RSA and ECC keys are both based on asymmetric algorithms (one key for encryption and one key for decryption). However, ECC offers the same level of cryptographic strength with much smaller keys, which allows for increased security along with reduced computing requirements. Let's look at what ECC is and why you should consider using it.
What is ECC?
ECC (Elliptic Curve Cryptography) is a public-key cryptography method based on elliptic curves over finite fields. The most important difference between ECC and RSA is key size relative to cryptographic strength: ECC provides the same cryptographic strength as RSA with much smaller keys. For example, a 256-bit ECC key is equivalent to a 3072-bit RSA key (which is 50% longer than the 2048-bit keys used today). Finally, the most secure symmetric algorithms used in TLS (for example, AES) use keys of at least 128 bits, as a result of which the transition to asymmetric keys seems to be the most rational step.
Why use ECC?
The small key size makes ECC the ideal choice for devices with limited storage or processing resources, which are increasingly common in the IoT field. On the server side, the small key size speeds up SSL handshakes, which translates into faster page loading and higher security.
Which certificates support ECC?
- All Sectigo SSL certificates;
- All GoGetSSL certificates;
- Symantec PRO products.
How to generate an ECC key?
We have published a detailed manual of the generation process for the ECC private key and CSR code. Please follow the Wiki guide.
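As an added illustration (not taken from the Wiki guide or from any vendor tooling), the script below generates a 256-bit ECC key and CSR with the openssl CLI, does the same for RSA-3072, and compares the public key sizes behind the equivalence described earlier. The curve name prime256v1 and the subject name are assumptions chosen for the example.

```sh
#!/bin/sh
# Added example, not vendor code. Assumes the openssl CLI is on PATH.
set -eu
umask 077                              # private keys must not be world-readable

SUBJ="/CN=ecc-demo.example.test"       # constructed placeholder subject
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# P-256 (prime256v1) private key plus a CSR signed with it.
gen_ecc() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ecc.key"
    openssl req -new -sha256 -key "$1/ecc.key" -subj "$SUBJ" -out "$1/ecc.csr"
}

# RSA-3072 private key plus CSR, generated only for comparison.
gen_rsa() {
    openssl genrsa -out "$1/rsa.key" 3072 2>/dev/null
    openssl req -new -sha256 -key "$1/rsa.key" -subj "$SUBJ" -out "$1/rsa.csr"
}

# Bytes in the DER-encoded public key carried by a CSR.
csr_pubkey_bytes() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | wc -c | tr -d ' '
}

# Succeeds only if the CSR's self-signature verifies, i.e. the requester
# holds the private key matching the public key in the request.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

gen_ecc "$WORK"
gen_rsa "$WORK"
for kind in ecc rsa; do
    csr_ok "$WORK/$kind.csr" || { echo "$kind CSR failed verification" >&2; exit 1; }
    echo "$kind: public key $(csr_pubkey_bytes "$WORK/$kind.csr") bytes (DER)," \
         "CSR $(wc -c < "$WORK/$kind.csr" | tr -d ' ') bytes (PEM)"
done
```

The working directory is deleted on exit, so a real key should be written to a protected location instead and never sent along with the CSR.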
Conclusion
We are using ECC certificates to protect our own services and highly suggest that all webmasters do the same.