ELLIPTIC_CURVE - Universal Certificate configuration option

Description

The ELLIPTIC_CURVE option specifies the name of the Elliptic Curve used to generate the EC (Elliptical Curve) keys upon creating a certificate request. This option only applies if the PRIVATE_KEY_TYPE is set to EC. 

Usage

Method

Syntax

IBM i

HP NonStop

UNIX

Windows

z/OS

Command Line, Short Form

-S name



(tick)

(tick)

(tick)

Command Line, Long Form

-elliptic_curve name



(tick)

(tick)

(tick)

Environment Variable

 UCRELLIPTICCURVE=name



(tick)

(tick)

(tick)

Values

 name is the Elliptic Curve name supported by OpenSSL.

Valid values for name are:

  • secp112r2 (110 bit key; equivalent to 512 bit RSA key)
  • secp160r1 (161 bit key; equivalent to 1024 bit RSA key)
  • secp224k1 (225 bit key; equivalent to 2048 bit RSA key)
  • prime256v1 (256 bit key; equivalent to 3072 bit RSA key)
  • secp384r1 (384 bit key; equivalent to 7680 bit RSA key)

Default is prime256v1.