On 19 March 2013 10:22, Leon Brits <le...@parsec.co.za> wrote:
> Matt / List,
>
> Thanks for the example. It sure helped a lot. But I am still stuck at the EC
> key generation.
>
> I’ve created keys for NIST Prime curves (224-571 bit), Binary and Koblitz
> curves (233-571 bit). I then convert the keys to PEM using the same method
> which I used successfully for RSA and DSA, which only calls
> PEM_write_bio_PrivateKey() and PEM_write_bio_PUBKEY(). The type is never
> specified in my functions. What is interesting now is that if I test the EC
> PEM files, using the openssl command line tool, all the keys generated for
> the NIST Prime curves are successfully parsed while the others fail with the
> following error:
>

Can you send me an offending PEM file?


>
> I’ve noticed that writing the PEM files using the above-mentioned mechanism
> does not add the letters “EC” to the PEM header and footer of the private
> key (e.g. -----BEGIN EC PRIVATE KEY----- misses the “EC”). The spec seems
> to say it must have these two characters. If I add the “EC” manually, I get
> the following parsing error:

They are different formats. If it has BEGIN PRIVATE KEY it is in PKCS
8 format. See:
https://www.openssl.org/docs/apps/pkcs8.html

If it says BEGIN EC PRIVATE KEY then it's as per RFC 5915.

>
> Also can someone shed some light on the naming of the curves: Take for
> example “NID_secp224r1”. From the bits I can see that it is a NIST prime
> curve which is also indicated by the ‘p’ (right?), which then makes me
> wonder why all the binary curves have a ‘t’ (e.g. NID_sect233r1). Next, to
> distinguish between the NIST binary curves and the Koblitz curves the only
> indication is that the Koblitz curve names end with a ‘k1’ - is this
> correct? And if so what is the ‘r’ for then in the NIST prime and NIST
> binary numbers? And finally, why is there not a NID_sect256r1, but rather a
> NID_X9_62_prime256v1?

The "sec" ones are named the same as per this document:
http://www.secg.org/collateral/sec2_final.pdf

The k indicates it's a Koblitz curve, whilst an "r" indicates that the
parameters have been generated verifiably at random. The number is
just to distinguish different curves with similar characteristics,
e.g. sect193r1 and sect193r2. X9_62 refers to the ANSI standard X9.62.


Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
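
The PKCS 8 versus RFC 5915 distinction from the reply above, as an added example that is not part of the original thread and is not OpenSSL code: a small stdlib-only check that classifies a private-key PEM body by its DER structure and reports whether the PEM label matches it, which is what goes wrong when "EC" is typed into a PKCS 8 header by hand. The function names (der_tlv, classify_der, check_pem) and the sample keys are assumptions constructed for illustration; the key bytes are dummy values.

```python
import base64
import re

def der_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify_der(der):
    """Name the private-key structure from its first two fields, not the PEM label."""
    tag, seq, _ = der_tlv(der)
    if tag != 0x30:  # both formats start with an outer SEQUENCE
        return "unknown"
    t1, version, nxt = der_tlv(seq)
    t2, _, _ = der_tlv(seq, nxt)
    if t1 == 0x02 and t2 == 0x30:  # INTEGER version, then AlgorithmIdentifier SEQUENCE
        return "PKCS#8 PrivateKeyInfo"
    if t1 == 0x02 and version == b"\x01" and t2 == 0x04:  # INTEGER 1, then OCTET STRING
        return "RFC 5915 ECPrivateKey"
    return "unknown"

EXPECTED = {"PRIVATE KEY": "PKCS#8 PrivateKeyInfo",
            "EC PRIVATE KEY": "RFC 5915 ECPrivateKey"}

def check_pem(pem):
    """Return (label, detected structure, True if the label matches the structure)."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, kind = m.group(1), classify_der(base64.b64decode(m.group(2)))
    return label, kind, EXPECTED.get(label) == kind

def tlv(tag, value):  # encoder for the constructed samples below (short-form lengths)
    return bytes([tag, len(value)]) + value

def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

CURVE = bytes.fromhex("06052b81040021")  # OID 1.3.132.0.33 (secp224r1)
EC_ALG = tlv(0x30, bytes.fromhex("06072a8648ce3d0201") + CURVE)  # id-ecPublicKey + curve
SEC1 = tlv(0x30, b"\x02\x01\x01" + tlv(0x04, b"\x11" * 28) + tlv(0xA0, CURVE))  # dummy scalar
PKCS8 = tlv(0x30, b"\x02\x01\x00" + EC_ALG + tlv(0x04, SEC1))  # wraps the ECPrivateKey

if __name__ == "__main__":
    print([check_pem(to_pem(l, d)) for l, d in (("PRIVATE KEY", PKCS8), ("EC PRIVATE KEY", PKCS8))])
```

The second case printed is the hand-edited header: the label says EC PRIVATE KEY but the body is still a PKCS 8 PrivateKeyInfo, so the check returns False.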