Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni
On Fri, Jan 13, 2017 at 03:26:08PM -0500, Ken Goldman wrote: > On 1/13/2017 2:02 PM, Viktor Dukhovni wrote: > > > parameter setting error > > > 139854491113288:error:06089094:digital envelope > > > routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404: > > > > In that case, your OpenSSL

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Ken Goldman
On 1/13/2017 2:02 PM, Viktor Dukhovni wrote: parameter setting error 139854491113288:error:06089094:digital envelope routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404: In that case, your OpenSSL library is broken, or was built without EC support. Perhaps you're running the wrong

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni
On Fri, Jan 13, 2017 at 01:49:14PM -0500, Ken Goldman wrote: > On 1/13/2017 1:21 PM, Viktor Dukhovni wrote: > > On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote: > > Still no success. I think this is exactly what you suggested, and something > I had already tried. > > openssl

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Ken Goldman
On 1/13/2017 1:21 PM, Viktor Dukhovni wrote: On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote: Still no success. I think this is exactly what you suggested, and something I had already tried. openssl genpkey -out cakeyecc.pem -outform PEM -pass pass: -aes256 -algorithm

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni
On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote: > Easier to read the documentation and use the appropriate value. https://www.openssl.org/docs/man1.1.0/apps/genpkey.html -- Viktor. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni
On Fri, Jan 13, 2017 at 01:06:10PM -0500, Ken Goldman wrote: > I gather now that there are two -pkeyopt: Yes. > ec_paramgen_curve > ec_param_enc > > I tried prime256v1 for each, and also named_curve and explicit > for the second, in many combinations. Easier to read the documentation and use

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Ken Goldman
Thanks for the help. Am I getting closer? On 1/13/2017 9:44 AM, Viktor Dukhovni wrote: Also, take a look at test/certs/mkcert.sh: I looked at that, but what is $bits? The curve name. You're sure fond of leaving off the leading "-" in option names. You'll also really want the

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni
On Fri, Jan 13, 2017 at 09:32:01AM -0500, Ken Goldman wrote: > > The "aes-256-cbc" argument is wrong. Try "-aes256". > > BTW, I got aes-256-cbc from > > https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations > > and > openssl list-cipher-commands When cipher names are used

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Matt Caswell
On 13/01/17 14:32, Ken Goldman wrote: > Thanks, getting closer ... > > On 1/12/2017 5:47 PM, Viktor Dukhovni wrote: >>> My latest attempt is this. It gives me a usage error. Any hints? >>> >>> openssl genpkey -out cakeyecc.pem -outform pem -pass pass: >>> aes-256-cbc -algorithm ec

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Ken Goldman
Thanks, getting closer ... On 1/12/2017 5:47 PM, Viktor Dukhovni wrote: My latest attempt is this. It gives me a usage error. Any hints? openssl genpkey -out cakeyecc.pem -outform pem -pass pass: aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text The "aes-256-cbc"

Re: [openssl-users] Generate ECC key with password protection

2017-01-12 Thread Viktor Dukhovni
> On Jan 12, 2017, at 5:34 PM, Ken Goldman wrote: > >>> Is there a openssl command that can generate an ECC key pair where the >>> output file is password protected? >> openssl genpkey > > My latest attempt is this. It gives me a usage error. Any hints? > > openssl

Re: [openssl-users] Generate ECC key with password protection

2017-01-12 Thread Ken Goldman
On 7/20/2016 10:26 AM, Jakob Bohm wrote: On 20/07/2016 16:21, Ken Goldman wrote: From these web pages: https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations https://www.openssl.org/docs/manmaster/apps/ecparam.html the "openssl ecparam -genkey" command does not accept a

[openssl-users] Generate ECC key with password protection

2016-07-20 Thread Ken Goldman
From these web pages: https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations https://www.openssl.org/docs/manmaster/apps/ecparam.html the "openssl ecparam -genkey" command does not accept a password. The (perhaps) equivalent "openssl genrsa" command does. Is there a

Re: [openssl-users] Generate ECC key with password protection

2016-07-20 Thread Jakob Bohm
On 20/07/2016 16:21, Ken Goldman wrote: From these web pages: https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations https://www.openssl.org/docs/manmaster/apps/ecparam.html the "openssl ecparam -genkey" command does not accept a password. The (perhaps) equivalent "openssl