Source code patch (for 6.6p1) adding support for Brainpool Elliptic Curves

Gero Peters gero at likemag.org
Tue Apr 8 03:02:43 EST 2014


Dear all,
 
maybe it is a little early but the next (stable) version of OpenSSL will support
Brainpool Elliptic curves (current beta 1.0.2-beta1 contains support for
Brainpool already). Brainpool curves are defined in RFC 5639.
 
Please find attached a patch file that adds support for Brainpool Elliptic
Curves in OpenSSH. Currently, setting the bit size to 256, 384 or 521 selects
one of the matching NIST curves - specification of named curves not supported. I
added 512, which selects brainpoolP512r1 (canonically). Furthermore, you can
specify the nick name of an Elliptic Curve using the -b switch of ssh-keygen.

Supported nick names are:

nistp256, nistp384, nistp521

and the Brainpool ones:

brainpoolP256r1, brainpoolP256t1
brainpoolP384r1, brainpoolP384t1
brainpoolP512r1, brainpoolP512t1

Would be nice if someone could review (maybe modify if desired?) the patch and
if it is eligible, then adding the stuff would make me (and hopefully others)
happy.

Btw, ECDSA host key not touched, i.e. derived from bit size (i.e. always a
NIST-thing).

Thx.

[Gero at likemag]

 


More information about the openssh-unix-dev mailing list