Re: Elliptic Curve key generation help

2012-08-15 Thread Mohammad khodaei
Hi,

Based on the previous conversations, I tried to generate an Elliptic Curve 
public/private key pair. I want to convert the output BIGNUM* to char* in order 
to perform the rest of my task. Is using BN_bn2hex the correct API to do this? 
It seems it returns a 32-byte hex, while when I generate EC keys by command, it 
is much bigger. I want an output like this for the public key and private key:

-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49
AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua
Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
-----END EC PRIVATE KEY-----



and

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1Fw
oojEQguGKGCseKffEIoLn6uaVn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
-----END PUBLIC KEY-----



Here is my code:

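    #include <string>
    #include <openssl/bn.h>
    #include <openssl/ec.h>
    #include <openssl/obj_mac.h>

    EC_KEY *ecKey = EC_KEY_new();
    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
    EC_KEY_set_group(ecKey, group);

    int iECGenKey = EC_KEY_generate_key(ecKey);   // returns 1 on success

    // The get0 accessors return pointers owned by ecKey; they must not be freed.
    const BIGNUM *pPrivKey = EC_KEY_get0_private_key(ecKey);
    char* pchPrivKey = BN_bn2hex(pPrivKey);
    int nBytes = BN_num_bytes(pPrivKey);

    string strPrivKey;
    if (pchPrivKey != NULL) {
        strPrivKey.assign(pchPrivKey);
        OPENSSL_free(pchPrivKey);   // free the hex string, not the BIGNUM
    }

    // The public key is an EC_POINT, not a BIGNUM, so BN_bn2hex does not apply.
    const EC_POINT *pPubKey = EC_KEY_get0_public_key(ecKey);
    char* pchPubKey = EC_POINT_point2hex(group, pPubKey,
                                         POINT_CONVERSION_UNCOMPRESSED, NULL);
    string strPubKey;
    if (pchPubKey != NULL) {
        strPubKey.assign(pchPubKey);
        OPENSSL_free(pchPubKey);
    }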



It would be appreciated if you can help me.

Thanks



 From: Thomas Leavy tombu...@gmail.com
To: openssl-users@openssl.org openssl-users@openssl.org 
Cc: openssl-users@openssl.org openssl-users@openssl.org 
Sent: Wednesday, August 15, 2012 2:52 AM
Subject: Re: Elliptic Curve key generation help
 

Wow can't believe I already got an answer! Thanks so much guys I should be good 
to go. 


On Aug 14, 2012, at 6:59 PM, Jason Goldberg jgoldb...@oneid.com wrote:


Before you call generate_key, you need to initialize your EC_KEY with a curve:


EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);
EC_KEY_set_group(testKey, group);


For 'curve' you could use, for example, NIST P256 which is defined with the 
macro: NID_X9_62_prime256v1


You can then use these primitives to get the public and private keys:


EC_KEY_get0_private_key
EC_KEY_get0_public_key


Jason

On Aug 14, 2012, at 5:49 PM, Tom Leavy tombu...@gmail.com wrote:

I have been trying to figure out how to generate an elliptic curve public 
private key pair and can't find much information on how you properly do that. 
So far I have done the following and I'm pretty sure I am missing a step 
someplace.  


void makeECCKeyPair() {
    EC_KEY *testKey = EC_KEY_new();
    EC_KEY_generate_key(testKey);
}
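
An added example, not code from the thread: it decodes the EC PRIVATE KEY body quoted in the message above to show why the PEM is larger than the 32-byte hex that BN_bn2hex returns. The PEM wraps a DER ECPrivateKey structure (RFC 5915) holding the scalar, the curve OID and the public point. The function names are hypothetical, and the key is the sample copied from the message.

```python
import base64

# Base64 body of the "EC PRIVATE KEY" block quoted in the message (sample key).
EC_PRIVATE_KEY_B64 = (
    "MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49"
    "AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua"
    "Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw=="
)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_ec_private_key(der):
    """Split an RFC 5915 ECPrivateKey structure into its fields."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    fields, pos = {}, 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x02:    # INTEGER: structure version
            fields["version"] = int.from_bytes(value, "big")
        elif tag == 0x04:  # OCTET STRING: the private scalar
            fields["scalar"] = value
        elif tag == 0xA0:  # [0]: curve parameters, here a named-curve OID
            fields["curve_oid"] = read_tlv(value, 0)[1]
        elif tag == 0xA1:  # [1]: BIT STRING wrapping the public point
            fields["point"] = read_tlv(value, 0)[1][1:]  # skip unused-bits byte
    return fields

def describe(b64_body):
    """Decode a PEM body and report what each part of the key contributes."""
    der = base64.b64decode(b64_body)
    f = parse_ec_private_key(der)
    return {"der_bytes": len(der), "version": f["version"],
            "scalar_hex": f["scalar"].hex().upper(),  # hex form of the private scalar
            "curve_oid_hex": f["curve_oid"].hex().upper(),
            "point_hex": f["point"].hex().upper()}
```

With an EC_KEY in hand, OpenSSL's PEM_write_bio_ECPrivateKey and PEM_write_bio_EC_PUBKEY emit these PEM blocks directly; BN_bn2hex only covers the scalar.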


RE: How do session accept timeout with OpenSSL

2012-08-15 Thread Charles Mills
Okay, I think I get it. Every OpenSSL example I have seen uses BIO, but
there is no need to use BIO, right (unless one wants I/O-type-independence)?

I have eliminated all of my BIO usage. I'm using normal TCP/IP bind(),
select(), accept(), and then SSL_set_fd(ssl, socket) and SSL_accept(); I
then use SSL_read() to read data on the session. It seems to be working
(with some loose ends, but I am getting farther than before).

Is there anything wrong with this approach? Is this approach a bad idea?

Charles
-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of CharlesTSR
Sent: Tuesday, August 14, 2012 5:12 PM
To: openssl-users@openssl.org
Subject: How do session accept timeout with OpenSSL


Thanks Dave for your time and patience.

I am porting an existing Windows-based TCP/IP server (receive-only, not a
Web server) to OpenSSL.

The way it works with TCP/IP is it sets up a socket, binds it to the desired
port, sets up a timeval, and issues a select. When the select is satisfied
if the socket is ready it starts a thread that issues an accept and goes
into a receive loop. Otherwise it does some housekeeping like checking for a
quit flag. In any event it loops back around to the select. Pretty typical
I think.

Most of that ports fairly straightforwardly to OpenSSL. Not one to one, but
pretty straightforward: BIO_new_accept(), BIO_do_accept() * 2, BIO_pop(),
SSL_setbio(), ...

What about the select? Is there some sort of BIO_select()? Is there some way
to do SSL on native sockets rather than BIO objects? BIO has (I think!) a

__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org