HOWTO: Elliptic Curve Cryptography support in Rebex SSH and Rebex TLS/SSL

Introduction

Elliptic Curve Cryptography (ECC) is an attractive alternative to classic public-key algorithms based on modular exponentiation. Compared to the algortihms such as RSA, DSA or Diffie-Hellman, elliptic curve cryptography offers equivalent security with smaller key sizes.

Built-in support for ECC algorithms in Microsoft Windows and .NET Framework used to be very limited. Before Windows 10, the OS only supported Elliptic Curve DSA (ECDSA) and Elliptic Curve Diffie Hellman (ECDH) based on NIST P-256, P-384 and P-521 curves. Additionally, MS CNG API implementation of ECDH was not quite suitable for SSH due to lack of support for compatible shared secret padding methods. On top of this, there used to be a bug in MS CNG implementation of ECDH related to handling of shared secret padding, which can occasionally lead to TLS/SSL negotiation failures on old systems.

Supported algorithms

Due to the limitations mentioned above, Rebex components do not support all ECC algorithm out-of-the-box on all platforms. However, algorithms not provided by the OS or .NET can be easily enabled using an external plugin. The following table lists both natively-supported algorithms and those that require a plugin:

Protocol	Components	Supported elliptic curve algorithms
TLS/SSL (client side and server side)	Rebex HTTPS Rebex FTP/SSL Rebex WebSocket Rebex IMAP (part of Rebex Secure Mail) Rebex EWS (part of Rebex Secure Mail) Rebex POP3 (part of Rebex Secure Mail) Rebex SMTP (part of Rebex Secure Mail) Rebex Telnet/SSL (part of Terminal Emulation)	Built-in support: ECDSA with NIST P-256/P-384/P-521 curves - on Windows Vista (or higher), on Windows Embedded Compact 2013, on Linux (via .NET Core >=2.1) ECDSA with Brainpool P-256 R1, P-384 R1 and P-512 R1 curves - on Windows 10/11 and Windows Server 2016 (or higher), on Linux (via .NET Core >=2.1 when available) ECDH with NIST P-256/P-384/P-521 curves in TLS 1.2 - on Windows 7 (or higher), on Windows Server 2008 R2 (or higher), on Linux (via .NET Core >=2.1) ECDH with NIST P-256/P-384/P-521 curves in TLS 1.3/1.1/1.0 - on Windows Vista (or higher), on Windows Server 2008 R1 (or higher), on Windows Embedded Compact 2013, on Linux (via .NET Core >=2.1) ECDH with Brainpool P-256 R1, P-384 R1 and P-512 R1 curves - on Windows 10/11 and Windows Server 2016 (or higher), on Linux (via .NET Core >=2.1 when available) ECDH with Curve25519 - on Windows 10/11 and Windows Server 2016 (or higher)
TLS/SSL (client side and server side)		With external plugins: ECDSA with NIST P-256/P-384/P-521 curves - on all platforms ECDH with NIST P-256/P-384/P-521 curves - on all platforms ECDH with Brainpool P-256 R1, P-384 R1 and P-512 R1 curves - on all platforms ECDH with Curve25519 - on all platforms
SSH (client-side)	Rebex SFTP Rebex SCP (part of Rebex SFTP) Rebex SSH Shell (part of Terminal Emulation)	Built-in support: ECDSA with NIST P-256/P-384/P-521 curves - on Windows Vista (or higher), on Windows Embedded Compact 2013, on Linux (via .NET Core >=2.1) EdDSA with Ed25519 curve - on all platforms ECDH with NIST P-256/P-384/P-521 curves - on Windows Vista (or higher), on Windows Embedded Compact 2013, on Linux (via .NET Core >=2.1) ECDH with Curve25519 - on Windows 10/11 and Windows Server 2016 (or higher) (Note: Due to incompatible ECDH shared secred padding handling in MS CNG, negotiation failures may occasionally occur on Windows 8.1 or earlier and are worked around automatically.)
SSH (client-side)		With external plugins: ECDSA with NIST P-256/P-384/P-521 curves - on all platforms ECDH with NIST P-256/P-384/P-521 curves - on all platforms ECDH with Curve25519 - on all platforms
SSH (server-side)	Rebex File Server	Built-in support: ECDSA with NIST P-256/P-384/P-521 curves - on Windows Vista (or higher), on Windows Embedded Compact 2013, on Linux (via .NET Core >=2.1) EdDSA with Ed25519 curve - on all platforms ECDH with NIST P-256/P-384/P-521 curves - on Windows 10/11, on Windows Server 2016 (or higher), on Linux (via .NET Core >=2.1) ECDH with Curve25519 - on Windows 10/11 and Windows Server 2016 (or higher) (Note: ECDH is not supported on Windows 8.1 or earlier due to incompatible shared secred padding handling in MS CNG.)
SSH (server-side)	Rebex File Server	With external plugins: ECDSA with NIST P-256/P-384/P-521 curves - on all platforms ECDH with NIST P-256/P-384/P-521 curves - on all platforms ECDH with Curve25519 - on all platforms

Enabling external ECC plugins

To make it simple to enable ECC support in Rebex components, we provide a set of plugins based on various open-source libraries. For more information, licensing details and supported platforms, visit Simple Elliptic Curve Libraries page.

The compiled plugins are available for download: RebexEllipticCurvePlugins.zip

To register and enable these plugins, reference the DLLs from the ZIP file suitable for your platform and add the following code:

C#

using Rebex.Security.Cryptography;
...
    
// register NIST and Brainpool curves
AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create);
    
// register Curve25519
AsymmetricKeyAlgorithm.Register(Curve25519.Create);
    
// register Ed25519
AsymmetricKeyAlgorithm.Register(Ed25519.Create);

VB.NET

Imports Rebex.Security.Cryptography
...

' register NIST and Brainpool curves
AsymmetricKeyAlgorithm.Register(AddressOf EllipticCurveAlgorithm.Create)

' register Curve25519
AsymmetricKeyAlgorithm.Register(AddressOf Curve25519.Create)

' register Ed25519
AsymmetricKeyAlgorithm.Register(AddressOf Ed25519.Create)

The source code is available here: https://github.com/rebexnet/elliptic.