On Tue, Nov 09, 2010 at 09:34:42PM +0100, Stef Hoeben wrote: > Hi, > > using the openssl tool, we generated an Elliptic Curve key pair > and put it into a pkcs8 file: > > 0 48: SEQUENCE { > 3 2: INTEGER 0 > 6 48: SEQUENCE { > 8 6: OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1) > 17 6: OBJECT IDENTIFIER '1 2 840 10045 3 1 7' > : } > 27 4: OCTET STRING, encapsulates { > ... > > However, instead of the 2nd object identifier (that tells which > EC it is), we'd need the domain parameters of the EC themselves. > > It this possible with the openssl tool -- or with openssl itself?
Have you looked at the ecparam(1) manpage? ... -param_enc arg This specifies how the elliptic curve parameters are encoded. Possible value are: named_curve, i.e. the ec parameters are speci- fied by a OID, or explicit where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters struc- tures). The default value is named_curve. Note the implicitlyCA alternative ,as specified in RFC 3279, is currently not imple- mented in OpenSSL. Example (1.0.0a): $ openssl ecparam -genkey -name prime256v1 -text -param_enc explicit Field Type: prime-field Prime: 00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00: 00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff A: 00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00: 00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:fc B: 5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86: bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2: 60:4b Generator (uncompressed): 04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4: 40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8: 98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a: 7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40: 68:37:bf:51:f5 Order: 00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff: ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc: 63:25:51 Cofactor: 1 (0x1) Seed: c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26: b7:81:9f:7e:90 -----BEGIN EC PARAMETERS----- MIH3AgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP////////// /////zBbBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6 k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsDFQDEnTYIhucEk2pmeOETnSa3gZ9+ kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLeszoPShOUXYmMKWT+NC4v4af5uO5+tK fA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////AAAAAP//////////vOb6racXnoTz ucrC/GMlUQIBAQ== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIIBaAIBAQQgHqdKw3PmrxxFzUr4JFjFetuHhG2kT/nnkFyqVBFKSn2ggfowgfcC AQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAAAAAA//////////////// MFsEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXYqjqT57Pr vVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEE axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54W K84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8 YyVRAgEBoUQDQgAEXPmUSlKlJY/uhPRoOeeTloBgJsB3hlcHCNPU03tlMeoESWeM MG4FoMedrrlTtt+oSJZ8uLt96gSZEUM380rXrg== -----END EC PRIVATE KEY----- -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org