Yes, that works, thx!

Just for the benefit of someone who tries to do the same,
below are the commands (in the 2nd line the cert req itself
fails but the keypair gets generated and that's enough for me)

openssl ecparam -name prime256v1 -out ecparams.pem -param_enc explicit

openssl req -config openssl.conf -nodes -subj "test" -keyout eckey.pem
-newkey ec:ecparams.p

openssl pkcs8 -topk8 -in eckey.pem -nocrypt -out eckey.pkcs8 -outform
DER

Cheers,
Stef

> -----Original Message-----
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor Duchovni
> Sent: Tuesday 9 November 2010 22:11
> To: openssl-users@openssl.org
> Subject: Re: EC domain params instead of the OID in the pkcs8 key file?
> 
> On Tue, Nov 09, 2010 at 09:34:42PM +0100, Stef Hoeben wrote:
> 
> > Hi,
> >
> > using the openssl tool, we generated an Elliptic Curve key pair
> > and put it into a pkcs8 file:
> >
> >    0   48: SEQUENCE {
> >    3    2:   INTEGER 0
> >    6   48:   SEQUENCE {
> >    8    6:     OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
> >   17    6:     OBJECT IDENTIFIER '1 2 840 10045 3 1 7'
> >          :     }
> >   27    4:   OCTET STRING, encapsulates {
> >   ...
> >
> > However, instead of the 2nd object identifier (that tells which
> > EC it is), we'd need the domain parameters of the EC themselves.
> >
> > Is this possible with the openssl tool -- or with openssl itself?
> 
> Have you looked at the ecparam(1) manpage?
> 
>       ...
> 
>        -param_enc arg
>            This specifies how the elliptic curve parameters are encoded.
>            Possible value are: named_curve, i.e. the ec parameters are
>            specified by a OID, or explicit where the ec parameters are
>            explicitly given (see RFC 3279 for the definition of the EC
>            parameters structures). The default value is named_curve.
>            Note the implicitlyCA alternative, as specified in RFC 3279,
>            is currently not implemented in OpenSSL.
> 
> Example (1.0.0a):
> 
> $ openssl ecparam -genkey -name prime256v1 -text -param_enc explicit
> Field Type: prime-field
> Prime:
>     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
>     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
>     ff:ff:ff
> A:
>     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
>     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
>     ff:ff:fc
> B:
>     5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
>     bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
>     60:4b
> Generator (uncompressed):
>     04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
>     40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
>     98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
>     7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
>     68:37:bf:51:f5
> Order:
>     00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
>     ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
>     63:25:51
> Cofactor:  1 (0x1)
> Seed:
>     c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
>     b7:81:9f:7e:90
> 
> --
>       Viktor.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
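
To confirm which encoding actually ended up in the DER file written by the pkcs8 step, the AlgorithmIdentifier parameters can be inspected directly. The following is an added example, not part of the original messages or of OpenSSL; the function names and sample bytes are constructed for illustration, and the explicit sample carries a placeholder body rather than real curve parameters.

```python
# Added example: classify how an unencrypted PKCS#8 EC key encodes its curve.
EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # OID 1.2.840.10045.3.1.7

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def ec_param_encoding(der):
    """Classify the EcpkParameters CHOICE (RFC 3279) inside a PrivateKeyInfo."""
    tag, pos, _ = read_tlv(der, 0)                # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not a PrivateKeyInfo SEQUENCE")
    tag, _, pos = read_tlv(der, pos)              # version INTEGER
    alg_tag, pos, alg_end = read_tlv(der, pos)    # AlgorithmIdentifier SEQUENCE
    oid_tag, start, end = read_tlv(der, pos)      # algorithm OID
    if tag != 0x02 or alg_tag != 0x30 or oid_tag != 0x06 or der[start:end] != EC_PUBLIC_KEY:
        raise ValueError("not an EC PrivateKeyInfo")
    if end >= alg_end:
        raise ValueError("EC parameters are missing")
    kinds = {0x06: "named_curve", 0x30: "explicit", 0x05: "implicitlyCA"}
    tag = read_tlv(der, end)[0]                   # OID, SEQUENCE or NULL
    if tag not in kinds:
        raise ValueError("unexpected parameters tag 0x%02x" % tag)
    return kinds[tag]

def tlv(tag, value):
    """Encode one DER element; used only to build the constructed samples."""
    lenb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    size = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | len(lenb)]) + lenb
    return bytes([tag]) + size + value

def sample_pkcs8(params):
    """Constructed PrivateKeyInfo; the private-key OCTET STRING is a placeholder."""
    alg = tlv(0x30, tlv(0x06, EC_PUBLIC_KEY) + params)
    return tlv(0x30, tlv(0x02, b"\x00") + alg + tlv(0x04, bytes(4)))

NAMED = sample_pkcs8(tlv(0x06, PRIME256V1))
EXPLICIT = sample_pkcs8(tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, bytes(200))))
```

On a real file, pass the raw bytes, for example `ec_param_encoding(open("eckey.pkcs8", "rb").read())`.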