Hi,
Thanks for the response. I still have a small problem regarding ECDSA key
generation. I have the following code to generate ECDSA public/private key pair:
EC_KEY *ecKey = EC_KEY_new();
> if (ecKey == NULL)
> return ERR_CODE_ECDSA_EC_KEY_NEW_EXCEPTION;
>
>
>
> EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
> if (group == NULL)
> return ERR_CODE_ECDSA_EC_GROUP_NEW_BY_CURVE_NAME_EXCEPTION;
>
>
>
> EC_KEY_set_group(ecKey, group);
>
>
>
>
>
> if (!EC_KEY_generate_key(ecKey))
> return ERR_CODE_ECDSA_EC_KEY_GENERATE_KEY;
>
>
>
> BIO* memoryBioPriKey = BIO_new(BIO_s_mem());
>
> PEM_write_bio_ECPrivateKey(memoryBioPriKey, ecKey, NULL, NULL, 0, NULL,
>NULL);
> char* pchPriKey = NULL;
> pchPriKey = new char[4096];
> BIO_read(memoryBioPriKey, pchPriKey, 4096);
> strPrivateKey.assign(pchPriKey);
>
> iPrivateKeyLen = strPrivateKey.length();
> BIO_free(memoryBioPriKey);
> if (pchPriKey != NULL) {
> delete []pchPriKey;
> pchPriKey = NULL;
> }
> ERR_print_errors_fp(stderr);
>
>
> BIO* memoryBioPubKey = BIO_new(BIO_s_mem());
> PEM_write_bio_EC_PUBKEY(memoryBioPubKey, ecKey);
> char* pchPubKey = NULL;
> pchPubKey = new char[4096];
> BIO_read(memoryBioPubKey, pchPubKey, 4096);
> strPublicKey.assign(pchPubKey);
>
> iPublicKeyLen = strPublicKey.length();
> BIO_free(memoryBioPubKey);
> if (pchPubKey != NULL) {
> delete []pchPubKey;
> pchPubKey = NULL;
> }
The generated public key and private key look like this, which is not meaning
full:
-----BEGIN PUBLIC KEY-----
>MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAA
>AAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA////
>///////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSd
>NgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5
>RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA
>//////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABCESPFrTQknk/kDJ8aYTi4Nb
>751jubWetBy2TFX4rGZthD7h4W04E1cXDqQB+yFKgNiT1hg+5857SrHSuzxOo0Q=
>-----END PUBLIC KEY-----
>
>>
>
>>
>
>>
>-----BEGIN EC PRIVATE KEY-----
>MIIBaAIBAQQgV+8Lgl7Tu0v/CnS3HdkqE59UEHFzUZTy1rJheMoUUYuggfowgfcC
>AQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAAAAAA////////////////
>MFsEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXYqjqT57Pr
>vVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEE
>axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54W
>K84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8
>YyVRAgEBoUQDQgAEIRI8WtNCSeT+QMnxphOLg1vvnWO5tZ60HLZMVfisZm2EPuHh
>bTgTVxcOpAH7IUqA2JPWGD7nzntKsdK7PE6jRA==
>-----END EC PRIVATE KEY-----
Any idea what are these extra characters inside the public key and private key?
It is really strange to me. Maybe I'm not using the openssl APIs in the correct
sequence. Any idea?
________________________________
From: Jason Goldberg <jgoldb...@oneid.com>
To: "<openssl-users@openssl.org>" <openssl-users@openssl.org>
Sent: Wednesday, August 15, 2012 2:35 PM
Subject: Re: Elliptic Curve key generation help
You can actually skip the step of using the BN functions and write your keypair
directly to PEM format:
PEM_write_bio_ECPrivateKey
You can then use the BIO functions to either read a string from memory, write
it to file, etc. See: http://www.openssl.org/docs/crypto/bio.html#
Jason
On Aug 15, 2012, at 5:59 AM, Mohammad khodaei <m_khod...@yahoo.com>
wrote:
Hi,
>
>
>Based on the previous conversations, I tried to generate Elliptic Curve
>public/Private key pair. I want to convert the output BIGNUM* to char* in
>order to perform the rest of my task. Using BN_bn2hex is the correct api to do
>this? It seems it returns a 32 byte Hex while when I generate EC keys by
>command, it is much bigger. I want an output like this for public key and
>private key:
>
>
>-----BEGIN EC PARAMETERS-----
>>BggqhkjOPQMBBw==
>>-----END EC PARAMETERS-----
>>-----BEGIN EC PRIVATE KEY-----
>>MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49
>>AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua
>>Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
>>-----END EC PRIVATE KEY-----
>
>
>
>
>and
>
>
>-----BEGIN PUBLIC KEY-----
>>MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1Fw
>>oojEQguGKGCseKffEIoLn6uaVn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
>>-----END PUBLIC KEY-----
>
>
>
>
>Here is my code:
>
>
> EC_KEY *ecKey = EC_KEY_new();
> EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
> EC_KEY_set_group(ecKey, group);
>
>
> int iECGenKey = EC_KEY_generate_key(ecKey);
>
>
> BIGNUM *pPubKey, *pPrivKey;
>
>
> pPrivKey = (BIGNUM*) EC_KEY_get0_private_key(ecKey);
> char* pchPrivKey = BN_bn2hex(pPrivKey);
> int nBytes = BN_num_bytes(pPrivKey);
>
>
> string strPrivKey;
> strPrivKey.assign(pchPrivKey);
> if (pPrivKey != NULL)
> OPENSSL_free(pPrivKey);
>
>
> pPubKey = (BIGNUM*) EC_KEY_get0_public_key(ecKey);
> char* pchPubKey = BN_bn2hex(pPubKey);
> string strPubKey;
> strPubKey.assign(pchPubKey);
> if (pPubKey != NULL)
> OPENSSL_free(pPubKey);
>
>
>
>
>
>
>It would be appreciated if you can help me.
>
>
>Thanks
>
>
>
>________________________________
> From: Thomas Leavy <tombu...@gmail.com>
>To: "openssl-users@openssl.org" <openssl-users@openssl.org>
>Cc: "<openssl-users@openssl.org>" <openssl-users@openssl.org>
>Sent: Wednesday, August 15, 2012 2:52 AM
>Subject: Re: Elliptic Curve key generation help
>
>
>Wow can't believe I already got an answer! Thanks so much guys I should be
>good to go.
>
>
>On Aug 14, 2012, at 6:59 PM, Jason Goldberg <jgoldb...@oneid.com> wrote:
>
>
>Before you call generate_key, you need to initialize your EC_KEY with a curve:
>>
>>
>>EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);
>>EC_KEY_set_group(testKey, group);
>>
>>
>>For 'curve' you could use, for example, NIST P256 which is defined with the
>>macro: NID_X9_62_prime256v1
>>
>>
>>You can then use these primitives to get the public and private keys:
>>
>>
>>EC_KEY_get0_private_key
>>EC_KEY_get0_public_key
>>
>>
>>Jason
>>
>>On Aug 14, 2012, at 5:49 PM, Tom Leavy <tombu...@gmail.com>
>> wrote:
>>
>>I have been trying to figure out how to generate an elliptic curve public
>>private key pair and can't find much information on how you properly do that.
>>So far I have done the following and I'm pretty sure I am missing a step
>>someplace.
>>>
>>>
>>>void makeECCKeyPair() {
>>> EC_KEY *testKey = EC_KEY_new();
>>> EC_KEY_generate_key(testKey);
>>>}
>>
>
>
