Skip to content

PA2readme.md

Latest commit

 

History

History
102 lines (77 loc) · 2.5 KB

PA2readme.md

File metadata and controls

102 lines (77 loc) · 2.5 KB

Elliptic Curve Certificate Analyzer

This project analyzes elliptic curve parameters from X.509 certificates that use ECDSA (Elliptic Curve Digital Signature Algorithm) for authentication.
Given a PEM-encoded certificate, the tool identifies the elliptic curve, extracts its parameters, and prints a human-readable summary.

Overview

Modern HTTPS websites often use Elliptic Curve Digital Signatures (EC-DSA) for authentication.
This tool:

  1. Reads a server certificate (.crt / PEM).
  2. Detects which elliptic curve is used from its OID.
  3. Looks up the corresponding curve parameters.
  4. Prints the elliptic curve equation and prime field characteristic.

Supports NIST standard curves: P-256, P-384, P-521

Features

  • Parses PEM-encoded X.509 certificates
  • Detects elliptic curve using OID bytes
  • Prints:
    • Curve name & OID
    • Prime field p
    • Curve parameters (a, b)
    • Base point (Gx, Gy)
    • Order n, cofactor h
    • Security level (in bits)

Installation

Prerequisites

  • Python 3+

Clone Repo

git clone https://github.com/yourusername/ec-certificate-analyzer.git
cd ec-certificate-analyzer

Usage

python ec_cert_analyzer.py path/to/certificate.crt

Example:

python ec_cert_analyzer.py bits_certificate.crt

How The Code Works

  1. Reads Certificate

    • Opens .crt/.pem, removes header/footer, Base64 decodes to DER format

  2. Extracts Curve OID

    • Searches raw certificate bytes for known OID patterns such as
      • P-256 → 2a 86 48 ce 3d 03 01 07
      • P-384 → 2b 81 04 00 22
      • P-521 → 2b 81 04 00 23

  3. Loads Pre-Stored Parameters

    • Prime p
    • Weierstrass form: [ y^2 = x^3 + ax + b \mod p ]
    • Generator (Gx, Gy), order n, cofactor h, security bits

  4. Prints Analysis Report

    • Curve name & standard
    • Field type (prime field)
    • Parameters in hex/decimal
    • Fully formatted output for readability

Project Structure

ec-certificate-analyzer/
├─ ec_cert_analyzer.py   # Main script
├─ certificate.crt       # Example
└─ README.md

Limitations

  • Limited curves (currently P-256, P-384, P-521 only)
  • No chain validation or signature verification
  • OID scanning instead of full ASN.1 parsing

Future Scope

  • Add Brainpool, Curve25519, Ed25519
  • Full ASN.1 parser
  • ECDSA signature verification
  • PKCS#12 support

License

MIT

Disclaimer

For educational use only — not a substitute for production-grade certificate validation.