Re: Elliptic Curve key generation help
Hi,

Based on the previous conversations, I tried to generate an Elliptic Curve public/private key pair. I want to convert the output BIGNUM* to char* in order to perform the rest of my task. Is using BN_bn2hex the correct API to do this? It seems it returns a 32-byte hex, while when I generate EC keys by command, it is much bigger. I want an output like this for public key and private key:

    -BEGIN EC PARAMETERS-
    BggqhkjOPQMBBw==
    -END EC PARAMETERS-
    -BEGIN EC PRIVATE KEY-
    MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49
    AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua
    Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
    -END EC PRIVATE KEY-

and

    -BEGIN PUBLIC KEY-
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1Fw
    oojEQguGKGCseKffEIoLn6uaVn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
    -END PUBLIC KEY-

Here is my code:

    #include <string>
    #include <openssl/bn.h>
    #include <openssl/crypto.h>
    #include <openssl/ec.h>
    #include <openssl/obj_mac.h>
    using std::string;

    EC_KEY *ecKey = EC_KEY_new();
    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
    EC_KEY_set_group(ecKey, group);
    int iECGenKey = EC_KEY_generate_key(ecKey);

    /* The get0 accessors return pointers owned by ecKey; they must not be freed. */
    const BIGNUM *pPrivKey = EC_KEY_get0_private_key(ecKey);
    char *pchPrivKey = BN_bn2hex(pPrivKey);
    int nBytes = BN_num_bytes(pPrivKey);
    string strPrivKey;
    strPrivKey.assign(pchPrivKey);
    OPENSSL_free(pchPrivKey);   /* free the hex string, not the key's BIGNUM */

    /* The public key is an EC_POINT, not a BIGNUM, so BN_bn2hex does not apply to it. */
    const EC_POINT *pPubKey = EC_KEY_get0_public_key(ecKey);
    char *pchPubKey = EC_POINT_point2hex(group, pPubKey, POINT_CONVERSION_UNCOMPRESSED, NULL);
    string strPubKey;
    strPubKey.assign(pchPubKey);
    OPENSSL_free(pchPubKey);

    EC_GROUP_free(group);       /* EC_KEY_set_group copied the group */
    EC_KEY_free(ecKey);

It would be appreciated if you can help me.

Thanks

From: Thomas Leavy tombu...@gmail.com
To: openssl-users@openssl.org openssl-users@openssl.org
Cc: openssl-users@openssl.org openssl-users@openssl.org
Sent: Wednesday, August 15, 2012 2:52 AM
Subject: Re: Elliptic Curve key generation help

Wow can't believe I already got an answer! Thanks so much guys I should be good to go.

On Aug 14, 2012, at 6:59 PM, Jason Goldberg jgoldb...@oneid.com wrote:

Before you call generate_key, you need to initialize your EC_KEY with a curve:

    EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);
    EC_KEY_set_group(testKey, group);

For 'curve' you could use, for example, NIST P256 which is defined with the macro:

    NID_X9_62_prime256v1

You can then use these primitives to get the public and private keys:

    EC_KEY_get0_private_key
    EC_KEY_get0_public_key

Jason

On Aug 14, 2012, at 5:49 PM, Tom Leavy tombu...@gmail.com wrote:

I have been trying to figure out how to generate an elliptic curve public private key pair and can't find much information on how you properly do that. So far I have done the following and I'm pretty sure I am missing a step someplace.

    void makeECCKeyPair() {
        EC_KEY *testKey = EC_KEY_new();
        EC_KEY_generate_key(testKey);
    }
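
Why the PEM output in this thread is much larger than the 32-byte hex from BN_bn2hex, shown as an added example that is not part of the original messages: it base64-decodes the EC PRIVATE KEY body posted above and walks its DER fields (the RFC 5915 ECPrivateKey layout). The names ec_der_info, b64_decode and inspect_ec_private_key are hypothetical, and only short-form DER lengths are handled, which is enough for a P-256 key.

```c
#include <stdio.h>
#include <string.h>
/* EC PRIVATE KEY body exactly as posted in the thread (a sample key, already public). */
static const char PEM_BODY[] =
    "MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49"
    "AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua"
    "Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==";

/* Sizes of the RFC 5915 ECPrivateKey fields found in the DER. */
struct ec_der_info { int total, version, priv_len, params_len, pub_len; };

/* Minimal base64 decoder; returns bytes written, or -1 on bad input or overflow. */
static int b64_decode(const char *in, unsigned char *out, int cap) {
    static const char T[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0;
    int bits = 0, n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(T, *in);
        if (!p || n >= cap) return -1;
        acc = (acc << 6) | (unsigned)(p - T);
        if ((bits += 6) >= 8) out[n++] = (acc >> (bits -= 8)) & 0xFF;
    }
    return n;
}

/* Decode, then walk the outer SEQUENCE; returns 0 on success, -1 on malformed input. */
int inspect_ec_private_key(const char *b64, struct ec_der_info *o) {
    unsigned char d[256];
    int n = b64_decode(b64, d, (int)sizeof d);
    memset(o, 0, sizeof *o);
    if (n < 2 || d[0] != 0x30 || d[1] >= 0x80 || d[1] + 2 != n) return -1;
    o->total = n;
    for (int i = 2; i < n; i += 2 + d[i + 1]) {
        if (i + 2 > n || d[i + 1] >= 0x80 || i + 2 + d[i + 1] > n) return -1;
        const unsigned char *v = d + i + 2;
        int tag = d[i], len = d[i + 1];
        if (tag == 0x02 && len == 1) o->version = v[0];   /* INTEGER: version */
        else if (tag == 0x04) o->priv_len = len;          /* OCTET STRING: private scalar */
        else if (tag == 0xA0) o->params_len = len;        /* [0]: curve OID */
        else if (tag == 0xA1 && len > 2 && v[0] == 0x03 && v[1] == len - 2)
            o->pub_len = len - 3;   /* [1]: BIT STRING, minus header and unused-bits byte */
    }
    return 0;
}

int main(void) {
    struct ec_der_info k;
    if (inspect_ec_private_key(PEM_BODY, &k) != 0) return 1;
    printf("DER %d bytes, private scalar %d, public point %d\n", k.total, k.priv_len, k.pub_len);
    return 0;
}
```

The 32 bytes that BN_bn2hex prints are only the OCTET STRING field; the PEM also carries the version, the curve OID and the 65-byte uncompressed public point. OpenSSL writes this encoding from an EC_KEY with PEM_write_bio_ECPrivateKey and PEM_write_bio_EC_PUBKEY, and a memory BIO (BIO_s_mem) yields it as a char buffer.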
RE: How do session accept timeout with OpenSSL
Okay, I think I get it. Every OpenSSL example I have seen uses BIO, but there is no need to use BIO, right (unless one wants I/O-type-independence)?

I have eliminated all of my BIO usage. I'm using normal TCP/IP bind(), select(), accept(), and then SSL_set_fd(ssl, socket) and SSL_accept(); I then use SSL_read() to read data on the session. It seems to be working (with some loose ends, but I am getting farther than before).

Is there anything wrong with this approach? Is this approach a bad idea?

Charles

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of CharlesTSR
Sent: Tuesday, August 14, 2012 5:12 PM
To: openssl-users@openssl.org
Subject: How do session accept timeout with OpenSSL

Thanks Dave for your time and patience.

I am porting an existing Windows-based TCP/IP server (receive-only, not a Web server) to OpenSSL. The way it works with TCP/IP is it sets up a socket, binds it to the desired port, sets up a timeval, and issues a select. When the select is satisfied if the socket is ready it starts a thread that issues an accept and goes into a receive loop. Otherwise it does some housekeeping like checking for a quit flag. In any event it loops back around to the select. Pretty typical I think.

Most of that ports fairly straightforwardly to OpenSSL. Not one to one, but pretty straightforward: BIO_new_accept(), BIO_do_accept() * 2, BIO_pop(), SSL_setbio(), ...

What about the select? Is there some sort of BIO_select()? Is there some way to do SSL on native sockets rather than BIO objects? BIO has (I think!) a