> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton > Sent: Wednesday, 21 October, 2009 18:09
Just a few small tweaks: > First, generate the domain parameters: > openssl ecparam -genkey -name secp160k1 -out c:\key.pem > Next, strip the PBE: > openssl ec -in c:\key.pem -out c:\naked.pem > That strips the parameters; there is no PBE here. The same thing can be done in one step with openssl ecparam -genkey -name secp160k1 -noout -out naked.pem # yes -noout and -out, even though it looks silly > Strip the Base 64 encoding: > openssl base64 -d -in naked.pem -out c:\key.asn1 > > Next, use Guttmans asn.1 dumper ('openssl asn1parse -in c:\key.asn1' > results in an error): openssl asn1parse defaults to base64/PEM. openssl asn1parse -in naked.pem openssl asn1parse -in c:\key.asn1 -inform der But it doesn't display the BITSTRING value by default, so add -dump . (And remember that the first byte of a BITSTRING value is num_unused, so start looking after that.) Or more easily just openssl ec -in naked.pem -text -noout shows you the fields in the key, though not the ASN1 overhead. > At this point, the public key is the bit string 04 09 44 E1 ... B7 AC > 41 89. It's an ECPoint type (cf: SEC-1 and RFC 5480, Setion 2.2 - > Subject Public Key). <snip> > I don't know how to get OpenSSL to give up the remainder of the > secrets, but I do know how to do it in Crypto++ (can anyone help me > out here?). Here's what I got from my Crypto++ program: > I don't see anything that breaks down the public point, though it's not hard to do by hand. To see the parameter details for a named curve openssl ecparam -in keywith.pem -param_enc explicit -text -noout or just openssl ecparam -name secp160k1 -param_enc explicit -text -noout (But again point G is a single blob, not broken down.) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org