Hello,

> I am using openssl-0.9.8e. Can someone help me with making use of
> ECDSA with 224bit public and private keys?

You may try something like that:

1) Generate and display EC private/public key:

   # openssl ecparam -genkey -name secp224r1 -out ec-key.pem
   # openssl ec -in ec-key.pem -text -noout
   read EC key
   Private-Key: (224 bit)
   priv:
       47:ed:fe:43:2b:1a:7f:27:ed:e3:99:0a:5b:af:e7:
       33:03:cc:5a:2f:da:b9:a3:06:e8:3f:d6:7d
   pub:
       04:ca:77:df:dc:af:86:a7:e0:a0:4f:c2:29:5d:fc:
       be:0b:75:60:ca:7c:a2:f8:bf:0d:4e:53:f2:cf:1e:
       5a:98:02:a7:72:e0:3e:34:9c:04:fe:fa:1c:f4:1a:
       c9:26:1b:0a:8f:5d:a2:fb:73:32:0c:a4
   ASN1 OID: secp224r1

2) Separate public key from private key:

   # openssl ec -in ec-key.pem -text -pubout -out ec-key-pub.pem
   read EC key
   writing EC key
   # openssl ec -in ec-key-pub.pem -text -pubin -noout
   read EC key
   pub:
       04:ca:77:df:dc:af:86:a7:e0:a0:4f:c2:29:5d:fc:
       be:0b:75:60:ca:7c:a2:f8:bf:0d:4e:53:f2:cf:1e:
       5a:98:02:a7:72:e0:3e:34:9c:04:fe:fa:1c:f4:1a:
       c9:26:1b:0a:8f:5d:a2:fb:73:32:0c:a4
   ASN1 OID: secp224r1

3) Create test file:

   # echo test test test > file.txt

4) Sign test file with EC private key:

   # openssl dgst -sign ec-key.pem \
       -ecdsa-with-SHA1 < file.txt > file.sig

5) An ECDSA signature is an ASN.1 sequence of two integers (r,s); check this:

   # openssl asn1parse -in file.sig -inform der
       0:d=0  hl=2 l=  60 cons: SEQUENCE
       2:d=1  hl=2 l=  28 prim: INTEGER   :5B3E9C6F568B343C32ED2...
      32:d=1  hl=2 l=  28 prim: INTEGER   :2F1623E54D193AF7D0984...

6) Verify file signature with EC public key:

   # openssl dgst -verify ec-key-pub.pem \
       -ecdsa-with-SHA1 -signature file.sig < file.txt
   Verified OK

DSA signatures for every sign operation are different because of the
randomly generated parameter k for every sign.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
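
The two-INTEGER structure from step 5, as an added example that is not part of the original message or of OpenSSL: a strict Python parser for a DER-encoded secp224r1 signature, with conversion to fixed-width r || s. The function names and the sample bytes are constructed for illustration, and short-form DER lengths are assumed, which holds for this curve size.

```python
CURVE_BYTES = 28  # secp224r1: r and s fit in 224 bits

def _read_tlv(buf, pos, tag):
    """Read one short-form DER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    length = buf[pos + 1]
    if length & 0x80:  # long form starts at 128 bytes; P-224 needs <= 64
        raise ValueError("long-form length not valid at this size")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos + 2:end], end

def _read_uint(buf, pos):
    """Read a positive, minimally encoded DER INTEGER."""
    val, pos = _read_tlv(buf, pos, 0x02)
    if not val or val[0] & 0x80:
        raise ValueError("empty or negative INTEGER")
    if len(val) > 1 and val[0] == 0 and not val[1] & 0x80:
        raise ValueError("non-minimal INTEGER (unneeded leading zero)")
    n = int.from_bytes(val, "big")
    # Size check only; the verifier must still enforce r, s < group order.
    if n == 0 or n.bit_length() > 8 * CURVE_BYTES:
        raise ValueError("r or s out of range")
    return n, pos

def parse_ecdsa_sig(der):
    """Return (r, s) from SEQUENCE { INTEGER r, INTEGER s }, strictly."""
    body, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    r, pos = _read_uint(body, 0)
    s, pos = _read_uint(body, pos)
    if pos != len(body):
        raise ValueError("extra data inside SEQUENCE")
    return r, s

def to_raw(r, s):
    """Fixed-width r || s: always 56 bytes for secp224r1."""
    return r.to_bytes(CURVE_BYTES, "big") + s.to_bytes(CURVE_BYTES, "big")

# Constructed sample, not a real signature. s has its top bit set, so DER
# prepends 0x00 and the SEQUENCE length is 61 rather than the 60 in step 5.
R_BYTES = bytes(range(1, 29))
S_BYTES = bytes([0x80]) + bytes(range(1, 28))
SAMPLE = (bytes([0x30, 61, 0x02, 28]) + R_BYTES
          + bytes([0x02, 29, 0x00]) + S_BYTES)

if __name__ == "__main__":
    r, s = parse_ecdsa_sig(SAMPLE)
    print(len(SAMPLE), format(r, "x"), format(s, "x"))
```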