I am really clueless to the direction to go. I will try to clearly present the question again.
I have written the Elliptical Curve public key to a file as an octet string. All code has some serious error checking but no sense in enclosing here.

::code excerpt below to save EC public key::

    int len= i2o_ECPublicKey(eckey,NULL);  //get length
    unsigned char *buf=(unsigned char *)0; 
    ret= i2o_ECPublicKey(eckey,( unsigned char **)&buf); //get Octet data
    fp = fopen(args[1],"wb");  //open file
    fwrite(buf,1,len,fp);  //write data out
    fclose(fp);  //close it

I use this file to verify signatures as shown below.

    pubdata = getdata(args[1], &publen);  //read the public key from a file.
    EC_KEY    *pubkey = EC_KEY_new();  //create the public EC_KEY now
    ret= EC_KEY_set_group(pubkey,EC_GROUP_new_by_curve_name(NID_secp192k1) );
    pubkey=  o2i_ECPublicKey(&pubkey, (const unsigned char **)&pubdata, publen);

Get the message digest (md) of the content you want to authenticate to the ECDSA signature (sig) that you created from the md in the first place.

    //hey now I can verify signatures
    ret = ECDSA_do_verify(md, 20, sig, pubkey);


AND THIS ALL WORKS NICELY. BUT the Octet file of the public key of the EC_KEY is simply an Octet output file.


SO MAYBE I CAN GO THIS PATH to create the ECDSA keys and X.509 for public key using the command line.

    openssl ecparam -out ec_key.pem -name secp192k1 -genkey
    openssl req -newkey ec:ec_key.pem -x509 -nodes -days 365 -keyout pkey.pem -out cer

The certificate is "cer" which has the public ECDSA key and the private ECDSA is pkey.pem.

(Q1) So how do I open the pkey.pem to create an EC_KEY to create signatures from message digests? I used to do this using the DER data saved. A DER is not PEM.

    privdata = getdata(args[2], &privlen ); //open the DER file
    EC_KEY    *eckey = EC_KEY_new();
    ret= EC_KEY_set_group(eckey,EC_GROUP_new_by_curve_name(NID_secp192k1) );
    eckey = d2i_ECPrivateKey(&eckey, (const unsigned char **)&privdata, privlen);

    //hey now I can sign things.
    sig = ECDSA_do_sign(md, 20, eckey);   //Do sign it dude


(Q2) How do I open the X.509 now for the public key to verify signatures?
I used to do it this way using the octet file

    pubdata = getdata(args[1], &publen);  //open the octet file
    EC_KEY    *pubkey = EC_KEY_new();
    ret= EC_KEY_set_group(pubkey,EC_GROUP_new_by_curve_name(NID_secp192k1) );
    pubkey=  o2i_ECPublicKey(&pubkey, (const unsigned char **)&pubdata, publen);

    //hey now I can verify signatures
    ret = ECDSA_do_verify(md, 20, sig, pubkey);


Overall the command line provides the ECDSA keys very nicely and two files, a PEM and an X.509 for public, and that's good, but now I am faced with some new formats to achieve the same goals. So please outline what I can do for Q1 and Q2 then, as they are solved already for octet and DER saved keys from ECDSA.






-- 
View this message in context: 
http://old.nabble.com/ECDSA-pub-priv-data-storage-Best-Practices-tp34477847p34487797.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
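
The octet file discussed in the post holds only a SEC 1 point encoding (a form byte followed by coordinates) with no curve identifier, which is why the group has to be set on the EC_KEY before `o2i_ECPublicKey` is called. The Python below is an added example, not part of the original post and not OpenSSL's code; it decodes such a string against secp192k1 and rejects malformed or off-curve input. The function names and the sample point are constructed for illustration.

```python
# secp192k1 domain parameters (SEC 2): y^2 = x^3 + 3 over GF(P)
P = 2**192 - 2**32 - 2**12 - 2**8 - 2**7 - 2**6 - 2**3 - 1
B = 3
FIELD_LEN = 24  # bytes per coordinate on a 192-bit curve


def on_curve(x, y):
    return (y * y - (x * x * x + B)) % P == 0


def parse_point(octets):
    """Decode a SEC 1 octet string into (x, y); raise ValueError if invalid.

    Hybrid forms (06/07) and the point at infinity (00) are rejected here.
    """
    if not octets:
        raise ValueError("empty input")
    form, body = octets[0], octets[1:]
    if form == 0x04:  # uncompressed: 04 || X || Y
        if len(body) != 2 * FIELD_LEN:
            raise ValueError("bad length for uncompressed point")
        x = int.from_bytes(body[:FIELD_LEN], "big")
        y = int.from_bytes(body[FIELD_LEN:], "big")
    elif form in (0x02, 0x03):  # compressed: 02/03 || X, low bit = parity of Y
        if len(body) != FIELD_LEN:
            raise ValueError("bad length for compressed point")
        x = int.from_bytes(body, "big")
        # P % 4 == 3, so a square root (if one exists) is rhs^((P+1)/4)
        y = pow((x * x * x + B) % P, (P + 1) // 4, P)
        if y & 1 != form & 1:
            y = P - y
    else:
        raise ValueError("unsupported form byte 0x%02x" % form)
    if x >= P or y >= P or not on_curve(x, y):
        raise ValueError("point is not on secp192k1")
    return x, y


def encode_uncompressed(x, y):
    return b"\x04" + x.to_bytes(FIELD_LEN, "big") + y.to_bytes(FIELD_LEN, "big")


# Constructed sample, not a real key: (1, 2) satisfies 2^2 = 1^3 + 3.
SAMPLE = encode_uncompressed(1, 2)
```

The same 49 bytes would decode to a different point, or to none, under another curve's parameters, so the reader of the file has to know the curve out of band.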
