On Sun, Mar 27, 2011, Massimiliano Pala wrote:

> Hello,
> 
> it seems that there are two different encoding versions when encoding
> EC keys. In particular, if using the EVP_PKEY_() the version is set to
> "0" - and that is incompatible with software other than OpenSSL.
> Here's an example:
> 
> -----BEGIN PRIVATE KEY-----
> MGcCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcETTBLAgEBBCDxE4JqRGtcOqVjy8wM
> gI/eDocdjKO4nVaSRRmeAiNeWaEkAyIAAua6xRQ8yyLt6j0+g8nS6P5LzsQqaPTN
> /HwjnCW/S0VN
> -----END PRIVATE KEY-----
> 
> To reproduce, simply use the openssl pkey command:
> 
>   $ openssl pkey -in key.pem | openssl asn1parse
> 
> The output is:
> 
>     0:d=0  hl=2 l= 103 cons: SEQUENCE
>     2:d=1  hl=2 l=   1 prim: INTEGER           :00
>     5:d=1  hl=2 l=  19 cons: SEQUENCE
>     7:d=2  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
>    16:d=2  hl=2 l=   8 prim: OBJECT            :prime256v1
>    26:d=1  hl=2 l=  77 prim: OCTET STRING      ...
> 
> On the other hand, if using the i2d_ECPrivateKey_bio() the version is
> automatically set to "1".
> 
> To reproduce, just use the openssl ec command:
> 
>   $ openssl ec -in key.pem | openssl asn1parse
> 
> The output is:
> 
>     0:d=0  hl=2 l=  87 cons: SEQUENCE
>     2:d=1  hl=2 l=   1 prim: INTEGER           :01
>     5:d=1  hl=2 l=  32 prim: OCTET STRING      [HEX DUMP]:F113...
>    39:d=1  hl=2 l=  10 cons: cont [ 0 ]
>    41:d=2  hl=2 l=   8 prim: OBJECT            :prime256v1
>    51:d=1  hl=2 l=  36 cons: cont [ 1 ]
>    53:d=2  hl=2 l=  34 prim: BIT STRING
> 
> So.. is there a way to have the EVP_PKEY_* code path behave as the
> ECPrivateKey_bio() code path ?
> 
> Is this a bug ? Any idea how to fast-fix it ?
> 


There are two different versions of encoding most private keys. There is a key
specific format and the PKCS#8 version. The version number you are referring
to is the PKCS#8 version field and not the EC version field.

Perhaps the other software doesn't support PKCS#8 format?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
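
The distinction drawn in the reply above, as an added example that is not part of the original thread or of OpenSSL: a minimal DER walker that tells a PKCS#8 wrapper from a bare ECPrivateKey and reports both version fields for the key quoted in the question. The names `read_tlv`, `classify` and `page_key` are hypothetical, and only EC keys inside PKCS#8 are handled.

```python
import base64

# PEM body of the key quoted in the message above (a PKCS#8 "PRIVATE KEY" block).
PEM_BODY = (
    "MGcCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcETTBLAgEBBCDxE4JqRGtcOqVjy8wM"
    "gI/eDocdjKO4nVaSRRmeAiNeWaEkAyIAAua6xRQ8yyLt6j0+g8nS6P5LzsQqaPTN"
    "/HwjnCW/S0VN"
)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def classify(der):
    """Return (format, outer_version, inner_ec_version or None)."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single top-level SEQUENCE")
    tag, ver, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("expected INTEGER version")
    version = int.from_bytes(ver, "big")
    tag, _, pos = read_tlv(body, pos)
    if tag == 0x04:                        # OCTET STRING: key-specific ECPrivateKey
        return ("ECPrivateKey", version, None)
    if tag != 0x30:                        # PKCS#8 has an AlgorithmIdentifier SEQUENCE here
        raise ValueError("neither PKCS#8 nor ECPrivateKey")
    tag, wrapped, _ = read_tlv(body, pos)  # OCTET STRING holding the key-specific encoding
    if tag != 0x04:
        raise ValueError("expected OCTET STRING privateKey")
    _, inner_version, _ = classify(wrapped)  # raises unless the wrapped key is an EC key
    return ("PKCS#8", version, inner_version)

def page_key():
    return base64.b64decode(PEM_BODY)
```

`classify(page_key())` reports the outer PKCS#8 version and the version of the ECPrivateKey carried inside its OCTET STRING, which correspond to the `:00` and `:01` values in the two `asn1parse` listings.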
