Hi

ECC and RSA are not based on the same concept. RSA is based on factorization and, if I remember correctly, ECC on the modular logarithm. Factorization is considered to have polynomial time complexity, but the modular logarithm has quasi-polynomial time complexity, and the difference resides in the "quasi". This is why you have the same security with a shorter key length.

I tried to generate ECC keys longer than 256 bits, but failed each time, so I doubt that Nitrokey Start is able to manage P384 ECC keys.

Curves are not equivalent, and a lot of controls should be considered. For instance, the cofactor: to put it simply, the number of points you can generate with the curve and, obviously, the order of your generator.

If you are curious, study this easy curve:

E: y^2 = x^3 + 2 with n = 7, so x, y in [0, 6]

Regarding the ECDH computation, I need to dig a little bit more.

I tried this command:

`OPENSC_DEBUG=9 pkcs15-crypt --decipher --key 2 --input buffToDecode.txt --raw`

And got :

```
P:2528; T:0x139761025049024 21:09:39.994 [pkcs15-crypt] pkcs15-sec.c:221:format_senv: Card does not support EC with field_size 0
P:2528; T:0x139761025049024 21:09:39.995 [pkcs15-crypt] pkcs15-sec.c:222:format_senv: returning with: -1408 (Not supported)
P:2528; T:0x139761025049024 21:09:39.995 [pkcs15-crypt] pkcs15-sec.c:276:sc_pkcs15_decipher: Could not initialize security environment: -1408 (Not supported)
Decrypt failed: Not supported
```

I have some doubts regarding pkcs15-crypt, so I will exchange directly with the Nitrokey Start to check the output of the ECDH computation.

Regards.
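
The toy curve suggested in the post above can be studied by brute force. The following is an added example, not part of the original post: it assumes "n = 7" means arithmetic modulo 7, enumerates every point of y^2 = x^3 + 2, computes each point's order with the standard short Weierstrass group law, and derives the cofactor as group order divided by the largest point order. The function names are illustrative.

```python
# Added example: brute-force study of the toy curve y^2 = x^3 + 2 over F_7.
P_MOD, A, B = 7, 0, 2   # assumption: "n = 7" in the post is the field modulus
INF = None              # point at infinity (group identity)

def curve_points():
    """All affine points on the curve, plus the point at infinity."""
    pts = [(x, y) for x in range(P_MOD) for y in range(P_MOD)
           if (y * y - (x ** 3 + A * x + B)) % P_MOD == 0]
    return pts + [INF]

def add(p, q):
    """Group law for a short Weierstrass curve over F_p."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                       # p + (-p); also doubling a point with y = 0
    if p == q:                           # tangent slope (doubling)
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:                                # chord slope (distinct points)
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def order(p):
    """Smallest k >= 1 such that k*p is the point at infinity."""
    k, acc = 1, p
    while acc is not INF:
        acc, k = add(acc, p), k + 1
    return k

def summary():
    pts = curve_points()
    orders = {p: order(p) for p in pts}
    n = max(orders.values())             # largest subgroup any single generator spans
    return {"group_order": len(pts), "max_point_order": n,
            "cofactor": len(pts) // n, "orders": orders}

if __name__ == "__main__":
    s = summary()
    for pt, k in s["orders"].items():
        print(pt, "order", k)
    print("group order", s["group_order"], "cofactor", s["cofactor"])
```

On this curve the group has 9 elements but no point has order above 3, so whichever generator is picked spans only a subgroup of order 3 and the cofactor is 3.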