Re: EC domain params instead of the OID in the pkcs8 key file?

Tue, 09 Nov 2010 13:51:45 -0800 

On Tue, Nov 09, 2010 at 09:34:42PM +0100, Stef Hoeben wrote:

> Hi,
> 
> using the openssl tool, we generated an Elliptic Curve key pair
> and put it into a pkcs8 file:
> 
>    0   48: SEQUENCE {
>    3    2:   INTEGER 0
>    6   48:   SEQUENCE {
>    8    6:     OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
>   17    6:     OBJECT IDENTIFIER '1 2 840 10045 3 1 7'
>          :     }
>   27    4:   OCTET STRING, encapsulates {
>   ...
> 
> However, instead of the 2nd object identifier (that tells which
> EC it is), we'd need the domain parameters of the EC themselves.
> 
> It this possible with the openssl tool -- or with openssl itself?

Have you looked at the ecparam(1) manpage?

        ...

       -param_enc arg
           This specifies how the elliptic curve parameters are encoded.
           Possible value are: named_curve, i.e. the ec parameters are speci-
           fied by a OID, or explicit where the ec parameters are explicitly
           given (see RFC 3279 for the definition of the EC parameters struc-
           tures). The default value is named_curve.  Note the implicitlyCA
           alternative ,as specified in RFC 3279, is currently not imple-
           mented in OpenSSL.

Example (1.0.0a):

$ openssl ecparam -genkey -name prime256v1 -text -param_enc explicit
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)
Seed:
    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
    b7:81:9f:7e:90
-----BEGIN EC PARAMETERS-----
MIH3AgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP//////////
/////zBbBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6
k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsDFQDEnTYIhucEk2pmeOETnSa3gZ9+
kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLeszoPShOUXYmMKWT+NC4v4af5uO5+tK
fA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////AAAAAP//////////vOb6racXnoTz
ucrC/GMlUQIBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIIBaAIBAQQgHqdKw3PmrxxFzUr4JFjFetuHhG2kT/nnkFyqVBFKSn2ggfowgfcC
AQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAAAAAA////////////////
MFsEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXYqjqT57Pr
vVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEE
axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54W
K84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8
YyVRAgEBoUQDQgAEXPmUSlKlJY/uhPRoOeeTloBgJsB3hlcHCNPU03tlMeoESWeM
MG4FoMedrrlTtt+oSJZ8uLt96gSZEUM380rXrg==
-----END EC PRIVATE KEY-----

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to