Tuesday, December 29, 2009

Using Brainpool ECC curves in Java (with HSM)

In EAC ePassports the Brainpool family of curves can be used, and some countries do use it. Java (or more specifically the Sun JCE and PKCS#11 provider) does not support these curves natively: they are not among the named curves it knows about. The kind guys over at the Ministerie van Binnenlandse Zaken en Koninkrijksrelaties in the Netherlands experimented and showed us how to use them with a SafeNet ProtectServer Gold.

I tested it out and wrote a howto for EJBCA. The downside is that you have to generate the keys with the HSM tools, so you cannot generate new keys from within the EJBCA admin GUI.

Of course, if you are not using an HSM, the Bouncy Castle provider has support for them out of the box.
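For the software-key case, here is an added example (not from the original post or from EJBCA) that generates a Brainpool key pair through the Bouncy Castle provider and checks that an ECDSA signature verifies and that a modified message is rejected. It assumes the Bouncy Castle provider jar is on the classpath; the class name, the choice of brainpoolP256r1 and the message bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical demo class; not part of EJBCA or the original post.
public class BrainpoolSoftKeyDemo {

    // Verify sig over msg with the given public key, using the BC provider.
    static boolean verify(PublicKey pub, byte[] msg, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withECDSA", "BC");
        v.initVerify(pub);
        v.update(msg);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Ask BC explicitly: it resolves the Brainpool curve by name.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDSA", "BC");
        kpg.initialize(new ECGenParameterSpec("brainpoolP256r1"));
        KeyPair kp = kpg.generateKeyPair();

        // Sanity check that we really got a 256-bit prime-field curve.
        int fieldBits = ((ECPublicKey) kp.getPublic())
                .getParams().getCurve().getField().getFieldSize();
        if (fieldBits != 256) throw new IllegalStateException("unexpected field size");

        byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA", "BC");
        s.initSign(kp.getPrivate());
        s.update(msg);
        byte[] sig = s.sign();

        // The genuine message must verify; a one-byte change must not.
        byte[] tampered = msg.clone();
        tampered[0] ^= 0x01;
        boolean ok = verify(kp.getPublic(), msg, sig);
        boolean bad = verify(kp.getPublic(), tampered, sig);
        if (!ok || bad) throw new IllegalStateException("signature check failed");

        System.out.println("brainpoolP256r1 key generated, field bits = " + fieldBits);
        System.out.println("signature verifies: " + ok + ", tampered verifies: " + bad);
    }
}
```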
