Re: ECDSA pub/priv data storage Best Practices

Wed, 26 Sep 2012 12:46:11 -0700 


On 9/25/2012 5:19 PM, redpath wrote:


Yes I see lots of fields to fill in for the X509 which is definitely the way
to go
from the RFC5480.

Is there any sample code out there to make a X509. I see that

    EVP_PKEY_assign_EC_KEY(***);
   r = i2d_PUBKEY_Bio(bp,evpkey);

will create a DER and from there any code to an x509.




The OpenSSL demoCA scripts can be used as a CA.

You can also create a self signed certificate
using the command:
 openssl req -x509 ...
either using an existing key or creating a new key,
or using an engine to access the private key.

If generating a key, you may need to create the ecparams
first for example:

  openssl ecparam -name prime256v1 > caparm


But note that an engine that supports ECC needs access to
ecdsa_method in ecs_locl.h (I have OpenSC engine that needs this.)

See these bug reports that are over a year and a half old:

http://rt.openssl.org/Ticket/Display.html?id=2568&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest





redpath wrote:


I have saved the private and public key of the ECDSA;
Just sample code below.

     int len= i2o_ECPublicKey(eckey,NULL);
     unsigned char *buf=(unsigned char *)0;
     ret= i2o_ECPublicKey(eckey,( unsigned char **)&buf);
     if (!ret){
        printf("Public key to octect string failed\n");
        return 1;
     }
     printf("\ni2o public\n");
     for (int i=0; i<len; i++)
       printf("%X ",buf[i]);
     printf("\n\n");

    printf("started SHA1\n");

     fp = fopen(args[1],"wb");
     if (fp==NULL){
       printf("Public file [%s] failed to create\n",args[1]);
        return 1;
     }
     fwrite(buf,1,len,fp);
     fclose(fp);

And have used this public key to check signature simply by reading the
file back
as data to "pubdata" using this function.

pubkey=  o2i_ECPublicKey(&pubkey, (const unsigned char **)&pubdata,
publen);

But what is the best packaging for this Public key as in handing it out?
I can simply provide this file but is there some packaging format
generally
used as Best Practices?







--

 Douglas E. Engert  <deeng...@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to