On Thu, Jan 23, 2014 at 02:06:53PM +0100, Dr. Stephen Henson wrote:

> On Wed, Jan 22, 2014, wizzbert wrote:
>
> You need to set the EC_KEY to use the named curve option which isn't the
> default. You can do that with:
>
> EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);

I think the below also works:

    EVP_PKEY *key = 0;
    EC_KEY *eckey;
    EC_GROUP *group = 0;

    /* The body runs only when every step succeeded except the final
     * EVP_PKEY_set1_EC_KEY(), in which case the new EVP_PKEY is discarded. */
    if ((eckey = EC_KEY_new()) != 0
        && (group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 0
        /* comma operator: set the flag on the group, then test set_group */
        && (EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE),
            EC_KEY_set_group(eckey, group))
        && EC_KEY_generate_key(eckey)
        && (key = EVP_PKEY_new()) != 0
        && !EVP_PKEY_set1_EC_KEY(key, eckey)) {
        EVP_PKEY_free(key);
        key = 0;
    }
    /* EC_KEY_set_group() copies the group and set1 takes its own reference
     * to the key, so the local handles are released here in every case. */
    if (group)
        EC_GROUP_free(group);
    if (eckey)
        EC_KEY_free(eckey);

This is currently used in Postfix DANE support, but the key is never
included in any externally visible certificate.

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
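
Added example, not part of the original message and not Postfix or OpenSSL code: a stand-alone C check that reports whether a DER SubjectPublicKeyInfo encodes its curve as an OID (the form OPENSSL_EC_NAMED_CURVE selects) or as explicit parameters. The function names and both sample arrays are constructed for illustration; the arrays carry real DER headers with zero filler in place of the key and parameter bodies.

```c
#include <stddef.h>
#include <string.h>
/* Which alternative of the ECParameters CHOICE (RFC 5480) was encoded. */
enum ec_params { EC_PARSE_ERROR = -1, EC_NAMED_CURVE, EC_IMPLICIT, EC_EXPLICIT };

/* Read one DER header at *p; return the tag, set *len, move *p to the content. */
static int der_header(const unsigned char **p, const unsigned char *end, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                        /* long form: length in next bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 2 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;  /* content must fit in the buffer */
    *len = n; *p = q;
    return tag;
}

/* Classify the curve parameters inside a DER SubjectPublicKeyInfo. */
enum ec_params spki_ec_params(const unsigned char *der, size_t derlen)
{
    static const unsigned char id_ec[] = {0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
    const unsigned char *p = der, *end = der + derlen;
    size_t len;
    if (der_header(&p, end, &len) != 0x30) return EC_PARSE_ERROR; /* SPKI */
    end = p + len;
    if (der_header(&p, end, &len) != 0x30) return EC_PARSE_ERROR; /* AlgorithmIdentifier */
    end = p + len;
    if (der_header(&p, end, &len) != 0x06 || len != sizeof id_ec ||
        memcmp(p, id_ec, len) != 0) return EC_PARSE_ERROR;        /* id-ecPublicKey */
    p += len;
    switch (der_header(&p, end, &len)) {
    case 0x06: return EC_NAMED_CURVE;  /* curve OID */
    case 0x05: return EC_IMPLICIT;     /* NULL: implicitCurve */
    case 0x30: return EC_EXPLICIT;     /* SpecifiedECDomain */
    default:   return EC_PARSE_ERROR;
    }
}

/* Constructed samples: genuine headers, remaining bytes are zero filler. */
static const unsigned char named_spki[91] = {   /* prime256v1 by OID */
    0x30,0x59, 0x30,0x13, 0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
    0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, 0x03,0x42,0x00,0x04 };
static const unsigned char explicit_spki[214] = { /* parameters as SEQUENCE */
    0x30,0x81,0xD3, 0x30,0x81,0x8C, 0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
    0x30,0x81,0x80 };
```

Feeding it the DER output of a key serialized with and without the flag set shows which encoding actually reached the wire.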