On Thu, Mar 21, 2013, Leon Brits wrote: > Stephen, > > > Just to clarify that a bit. EC keys are most comonly represented by named > > curves instead of explicit parameters. Unfortunately the default is to use > > explicit parameters and there's nothing (yet!) at an EVP_PKEY level to > > change that. > > > > They way you can change it is to either take the generated key or > > parameters and do something like this: > > > > EC_KEY *ec = EVP_PKEY_get1_EC(key); EC_KEY_set_asn1_flag(ec, > > OPENSSL_EC_NAMED_CURVE); EC_KEY_free(ec); > > At this stage the client only require support of the NIST curves, so I do > not think I will have to use this. They did however inquire on using the > Brainpool curves, so maybe in future in a follow up project I will. >
It's a good idea to *always* include that call if you generate keys with EVP as it uses a more common key format. It's easier with the unreleased OpenSSL 1.0.2: there's a ctrl now that handles this at the EVP level. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org