Steve, you are right, an EC private key without params is not useful (note that a key with NULL parameters extracted from a cert is not at all parameterless). But this is not the answer to the original request.
RFC 5915 says on p.3: Though the ASN.1 indicates that the parameters field is OPTIONAL, implementations that conform to this document MUST always include the parameters field. Therefore OpenSSL is full in line with RFC 5915. Reading the complete RFC is always recommended. /Ernst. On Sat Jul 19 09:14:36 2014, noloa...@gmail.com wrote: > According to RFC 5915 (http://tools.ietf.org/html/rfc5915): > > ECPrivateKey ::= SEQUENCE { > version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), > privateKey OCTET STRING, > parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, > publicKey [1] BIT STRING OPTIONAL > } > > Given the following key: > > $ dumpasn1 ec-priv-xxx.der > 0 37: SEQUENCE { > 2 1: INTEGER 1 > 5 32: OCTET STRING > : 2C 14 F9 E0 30 87 7E 63 7E 4C 4F A3 10 FE 2B 6E > : D3 A8 F6 95 31 84 15 E6 58 DA D6 E4 DE DB 06 B9 > : } > > The 'ec' command fails to parse it: > > $ openssl ec -in ec-priv-xxx.der -inform DER -text -noout > read EC key > unable to load Key > 140735144063452:error:10092010:elliptic curve > routines:d2i_ECPrivateKey:EC lib:ec_asn1.c:1160: > The EC code assumes that parameters are present in several places and can't be adjusted to cover absent parameters AFAICS without some major changes. A private key without parameters is unusable anyway. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
