> From: [email protected] On Behalf Of Jeffrey Walton
> Sent: Wednesday, 21 October, 2009 18:09
Just a few small tweaks:
> First, generate the domain parameters:
> openssl ecparam -genkey -name secp160k1 -out c:\key.pem
> Next, strip the PBE:
> openssl ec -in c:\key.pem -out c:\naked.pem
>
That strips the parameters; there is no PBE here.
The same thing can be done in one step with
openssl ecparam -genkey -name secp160k1 -noout -out naked.pem
# yes -noout and -out, even though it looks silly
> Strip the Base 64 encoding:
> openssl base64 -d -in naked.pem -out c:\key.asn1
>
> Next, use Guttmans asn.1 dumper ('openssl asn1parse -in c:\key.asn1'
> results in an error):
openssl asn1parse defaults to base64/PEM.
openssl asn1parse -in naked.pem
openssl asn1parse -in c:\key.asn1 -inform der
But it doesn't display the BITSTRING value by default, so add -dump .
(And remember that the first byte of a BITSTRING value is num_unused,
so start looking after that.)
Or more easily just
openssl ec -in naked.pem -text -noout
shows you the fields in the key, though not the ASN1 overhead.
> At this point, the public key is the bit string 04 09 44 E1 ... B7 AC
> 41 89. It's an ECPoint type (cf: SEC-1 and RFC 5480, Setion 2.2 -
> Subject Public Key).
<snip>
> I don't know how to get OpenSSL to give up the remainder of the
> secrets, but I do know how to do it in Crypto++ (can anyone help me
> out here?). Here's what I got from my Crypto++ program:
>
I don't see anything that breaks down the public point,
though it's not hard to do by hand.
To see the parameter details for a named curve
openssl ecparam -in keywith.pem -param_enc explicit -text -noout
or just
openssl ecparam -name secp160k1 -param_enc explicit -text -noout
(But again point G is a single blob, not broken down.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
