Generation of Digital Certificate x.509 v3 using Elliptic Curve Cryptography (ECC) & RSA : A Comparative Study & OpenSSL code Revisited

Abstract

A public key infrastructure enables users of a basically unsecure public network to securely and privately
exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a
trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an
organization and directory services that can store and when necessary revoke the certificates. The two major digital
signature algorithms are Elliptic Curve Digital Signature Algorithm (ECDSA) and RSA algorithm. The two algorithms
are used for generating the certificates exchanged between computer systems. The use of X.509v3 certificates to carry out
authentication tasks is an approach to improve security. The main advantage of ECC versus RSA is that for the same
level of security it requires a much shorter key length. The purpose of this work is to design and implement a free opensource Certification Authority able to issue X.509v3 certificates. The result of this research may assist organizations to
increase their security level in wireless devices and networks. This study compares the performance of ECC based
signature schemes and RSA schemes. It is observed that ECC based certificate authority schemes gives better speed and
security.