Hello,
we want to use the Nitrokey HSM2 as CA to sign several certificates of embedded devices.
Therefore we use the ECC-Curve secp521r1 and OpenSSL as commandline tool with opensc and libp11.
The command that signs a request:
openssl x509 -req -CA CACertificate.pem -engine pkcs11 -CAkeyform engine -CAkey slot_XXX-id_YYYYY -in SigningRequest.csr -out Certificate.crt
The key that lies behind this ID has the type secp521r1.
Up to now that works pretty well, but I’m not sure if this is secure.
My Questions:
- The Algorithm that should be executed is ECDSA-521. Is this done by OpenSSL or fully done by the HSM?
- ECDSA has a big weakness when the value “k” is not chosen correctly. (Elliptic Curve Digital Signature Algorithm - Wikipedia)
With this weakness it’s possible to recover the private key of the CA with some certificates.
Do we have to do something to ensure the correct creation of “k”? Or is this ensured when the Certificate is signed with the command mentioned before? - Is there a maximum of certificates that should be signed by a private key?
Thanks for your help!
Best regards