Steve,

Thank you for your response for creating an elliptic curve key (EC_KEY).
It worked well.  I'm not sure what the difference is between
EC_POINT_set_affine_coordinates_GFp and
EC_POINT_set_affine_coordinates_GF2m.  Time for some research.

In the same vein of using an HSM for creating the elliptic key, I would
like to use the HSM for signing data.  In particular, I want to sign
X509 certs.  I have studied code for X509_sign.  I think I can use
ASN1_ITEM_rptr and ASN1_item_i2d to extract the certificate data to be
signed by the HSM.  I have not figured out how to save r and s from the
HSM and set appropriate cert info (e.g., algorithm) for correctly signing
the cert.

Again, thank you,

Dean
 
-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Saturday, March 19, 2011 5:25 AM
To: openssl-users@openssl.org
Subject: Re: elliptic Curve Key Generation

On Fri, Mar 18, 2011, Strecker, Dean A. wrote:

> Hello,
> 
> I'm using the OpenSSL Crypto library to perform Elliptic Curve key
> generation and signature generation/verification.  Actually, I don't
> have any problem creating a key (EC_KEY) and generating signatures and
> verifying signatures using pure OpenSSL.
> 
> The challenge I'm having is that I'm using a Hardware Security Module
> (HSM) to generate the private key and the public key point (X, Y).  I
> thought I might be able to initialize the EC_KEY->priv_key and
> EC_KEY->pub_key with the data generated by the HSM before calling
> EC_KEY_generate_key(EC_KEY). 
> I was hoping this would act as an "Import" key action.  Wrong!
> EC_KEY_generate_key generates new private and public key point
> overriding the private and public key point passed into the
> EC_KEY_generate_key function.
> 
> Since OpenSSL supports importing of keys, well from the command line
> anyhow, I can't help but think there must be a way to programmatically
> import an Elliptic Curve key (private key and public key point).
> 
> I have been studying the source coding starting with the call to
> EC_KEY_generate_key function and working my way down.  So far I have not
> figured out how to create an Elliptic Curve Key from a given private key
> and public key point.  Does anybody have any idea where I could look for
> an answer?
> 

In outline you do this:

Get an appropriate group for the curve, for example for a standard curve you
can use EC_GROUP_new_by_curve_name().

Create a new EC_KEY for the appropriate group using EC_KEY_new() and
EC_KEY_set_group().

Create a public key point for the group using EC_POINT_new() and
EC_POINT_set_affine_coordinates_*().

Set the key components in the EC_KEY using EC_KEY_set_public_key() and
EC_KEY_set_private_key().

Finally free up the group and point because the key has its own copies.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org