August, 20 2016

CyberSSL supports Elliptic Curve Cryptography (ECC Certificates)

We are one of the few Security companies that decided to support ECC SSL Certificates with stronger security and 2x times higher performance.


ECDSA, Being a very efficient algorithm allows much smaller key sizes with stronger encryption. For example, a 160 bit ECC key is comparable with an RSA 1024 bit.

The table below illustrates how efficient is the ECDSA algorithm:

Symmetric Key length RSA Key length ECC Key length
80 bit 1024 bit 160 bit
112 bit 2048 bit 224 bit
128 bit 3072 bit 256 bit
192 bit 7680 bit 384 bit

As ECC is a relatively new approach in cryptography, and it is not supported by older programs and operating systems. ECC SSL Certificates are not supported by Internet Explorer 7 in Windows XP. However, it should not be a issue, as windows xp users that are using Internet Explorer  version 7 or lower is a limited number of users.

The following table illustrates the main differences between RSA and ECC:

RSA is the first practical public-key cryptosystem and it's widely use ECC is the most powerful algorithm with the best performance
2048bit is the recommended key size for RSA prime256v1 is the recommended prime for ECC
RSA cryptosystem is supported by most operating systems and programs It uses much smaller and faster keys than RSA cryptosystem
RSA is slower and requires more processing power ECC is not supported by Internet Explorer 7 in Windows XP


How to order ECC Certificates?

Any Comodo SSL certificate has ECC support. Symantec Secure Site Pro EV also supports ECC. To use a ECSA encrypted key instead of  an RSA key, select the ECC algorithm during CSR generation.