Generate ECC key with password protection

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Generate ECC key with password protection

Ken Goldman-2
 From these web pages:

https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations

https://www.openssl.org/docs/manmaster/apps/ecparam.html

the "openssl ecparam -genkey" command does not accept a password.  The
(perhaps) equivalent "openssl genrsa" command does.

Is there a openssl command that can generate an ECC key pair where the
output file is password protected?




--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Jakob Bohm-7
On 20/07/2016 16:21, Ken Goldman wrote:

> From these web pages:
>
> https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
>
> https://www.openssl.org/docs/manmaster/apps/ecparam.html
>
> the "openssl ecparam -genkey" command does not accept a password. The
> (perhaps) equivalent "openssl genrsa" command does.
>
> Is there a openssl command that can generate an ECC key pair where the
> output file is password protected?
>
openssl genpkey

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Ken Goldman-2
On 7/20/2016 10:26 AM, Jakob Bohm wrote:

> On 20/07/2016 16:21, Ken Goldman wrote:
>> From these web pages:
>>
>> https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
>>
>> https://www.openssl.org/docs/manmaster/apps/ecparam.html
>>
>> the "openssl ecparam -genkey" command does not accept a password. The
>> (perhaps) equivalent "openssl genrsa" command does.
>>
>> Is there a openssl command that can generate an ECC key pair where the
>> output file is password protected?
>>
> openssl genpkey

My latest attempt is this.  It gives me a usage error.  Any hints?

openssl genpkey -out cakeyecc.pem -outform pem  -pass pass:rrrr
aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text




--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Viktor Dukhovni

> On Jan 12, 2017, at 5:34 PM, Ken Goldman <[hidden email]> wrote:
>
>>> Is there a openssl command that can generate an ECC key pair where the
>>> output file is password protected?
>> openssl genpkey
>
> My latest attempt is this.  It gives me a usage error.  Any hints?
>
> openssl genpkey -out cakeyecc.pem -outform pem  -pass pass:rrrr aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text

The "aes-256-cbc" argument is wrong.  Try "-aes256".

Also, take a look at test/certs/mkcert.sh:

key() {
    local key=$1; shift
   
    local alg=rsa
    if [ -n "$OPENSSL_KEYALG" ]; then
        alg=$OPENSSL_KEYALG
    fi
   
    local bits=2048
    if [ -n "$OPENSSL_KEYBITS" ]; then
        bits=$OPENSSL_KEYBITS
    fi
   
    if [ ! -f "${key}.pem" ]; then
        args=(-algorithm "$alg")
        case $alg in
        rsa) args=("${args[@]}" -pkeyopt rsa_keygen_bits:$bits );;
        ec)  args=("${args[@]}" -pkeyopt "ec_paramgen_curve:$bits")
               args=("${args[@]}" -pkeyopt ec_param_enc:named_curve);;
        *) printf "Unsupported key algorithm: %s\n" "$alg" >&2; return 1;;
        esac
        stderr_onerror \
            openssl genpkey "${args[@]}" -out "${key}.pem"
    fi
}

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Ken Goldman-2
Thanks, getting closer ...

On 1/12/2017 5:47 PM, Viktor Dukhovni wrote:
>> My latest attempt is this.  It gives me a usage error.  Any hints?
>>
>> openssl genpkey -out cakeyecc.pem -outform pem  -pass pass:rrrr aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
>
> The "aes-256-cbc" argument is wrong.  Try "-aes256".

BTW, I got aes-256-cbc from

https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations

and > openssl list-cipher-commands

>
> Also, take a look at test/certs/mkcert.sh:

I looked at that, but what is $bits?

I got prime256v1, the curve I want, from

openssl ecparam -list_curves

My next tries:

openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text

openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
ec_param_enc:named_curve -text

openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
ec_param_enc:explicit -text

I get:

Error generating key
140529942484808:error:100C708B:elliptic curve routines:PKEY_EC_KEYGEN:no
parameters set:ec_pmeth.c:294:

It's probably this LOC, but what am I missing?

     if (ctx->pkey == NULL && dctx->gen_group == NULL) {
         ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
         return 0;
     }


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Matt Caswell-2


On 13/01/17 14:32, Ken Goldman wrote:

> Thanks, getting closer ...
>
> On 1/12/2017 5:47 PM, Viktor Dukhovni wrote:
>>> My latest attempt is this.  It gives me a usage error.  Any hints?
>>>
>>> openssl genpkey -out cakeyecc.pem -outform pem  -pass pass:rrrr
>>> aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
>>
>> The "aes-256-cbc" argument is wrong.  Try "-aes256".
>
> BTW, I got aes-256-cbc from
>
> https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
>
> and > openssl list-cipher-commands
>
>>
>> Also, take a look at test/certs/mkcert.sh:
>
> I looked at that, but what is $bits?
>
> I got prime256v1, the curve I want, from
>
> openssl ecparam -list_curves
>
> My next tries:
>
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text

Try it with a "-" in front of "pkeyopt"!!!

Matt



>
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
> ec_param_enc:named_curve -text
>
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
> ec_param_enc:explicit -text
>
> I get:
>
> Error generating key
> 140529942484808:error:100C708B:elliptic curve routines:PKEY_EC_KEYGEN:no
> parameters set:ec_pmeth.c:294:
>
> It's probably this LOC, but what am I missing?
>
>     if (ctx->pkey == NULL && dctx->gen_group == NULL) {
>         ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
>         return 0;
>     }
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Viktor Dukhovni
In reply to this post by Ken Goldman-2
On Fri, Jan 13, 2017 at 09:32:01AM -0500, Ken Goldman wrote:

> > The "aes-256-cbc" argument is wrong.  Try "-aes256".
>
> BTW, I got aes-256-cbc from
>
> https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
>
> and > openssl list-cipher-commands

When cipher names are used as options, they need a leading "-".

> > Also, take a look at test/certs/mkcert.sh:
>
> I looked at that, but what is $bits?

The curve name.

> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text

You're sure fond of leaving off the leading "-" in option names.
You'll also really want the "ec_param_enc" option when you get
the rest of the syntax right.

> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
> ec_param_enc:named_curve -text

So this one is much closer, but now has two missing "-"s in "pkeyopt".

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Ken Goldman-2
Thanks for the help.  Am I getting closer?

On 1/13/2017 9:44 AM, Viktor Dukhovni wrote:
>>> Also, take a look at test/certs/mkcert.sh:
>>
>> I looked at that, but what is $bits?
>
> The curve name.
>
> You're sure fond of leaving off the leading "-" in option names.
> You'll also really want the "ec_param_enc" option when you get
> the rest of the syntax right.

OK, sorry, hyphen-o-phobia.

I gather now that there are two -pkeyopt:

ec_paramgen_curve
ec_param_enc

I tried prime256v1 for each, and also named_curve and explicit
for the second, in many combinations.

It's also not 100% clear whether I specify -pkeyopt each time, or once
and then pairs of opt:value.

In all combinations, I now get:

openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
-algorithm ec -pkeyopt ec_paramgen_curve:prime256v1
ec_param_enc:explicit -text

parameter setting error
140171547424584:error:06089094:digital envelope
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:




--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Viktor Dukhovni
On Fri, Jan 13, 2017 at 01:06:10PM -0500, Ken Goldman wrote:

> I gather now that there are two -pkeyopt:

Yes.

> ec_paramgen_curve
> ec_param_enc
>
> I tried prime256v1 for each, and also named_curve and explicit
> for the second, in many combinations.

Easier to read the documentation and use the appropriate value.

> It's also not 100% clear whether I specify -pkeyopt each time, or once and
> then pairs of opt:value.

Each time.

> In all combinations, I now get:
>
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 ec_param_enc:explicit
> -text

The explicit "-outform PEM" argument is not needed, but harmless:

    $ openssl genpkey -out cakeyecc.pem -outform PEM -pass pass:rrrr \
       -aes256 -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 \
        -pkeyopt ec_param_enc:named_curve -text

    $ cat cakeyecc.pem
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAhn8FHW0643QQICCAAw
    HQYJYIZIAWUDBAEqBBCtTYP4h4/2PTEfN1fVJnpHBIGQ3RHX/KUQwncg9MK5aF7H
    p0qQplxOKtfCOYp0iqx15IQCEv5N4SXIIKnRjvaKPHgFQN0d8x1Et0pBOaYLqIre
    zwch3VGRvvHH//qhXiYGay9xzZXraGwFFatNt9R8gyBKR7zMn/BQVWUtA8woCB//
    D/R9GGYJVr3afeay4Vr4U/kHtRUkTrkGZxRZvM2EIAsr
    -----END ENCRYPTED PRIVATE KEY-----
    Private-Key: (256 bit)
    priv:
        39:32:f7:c6:cf:fa:57:7f:9f:b0:d7:87:92:c0:93:
        36:33:9e:19:75:0c:58:f7:a0:ec:29:01:1f:c2:17:
        6a:9f
    pub:
        04:a2:2a:47:02:a3:ed:6c:e0:af:85:9f:f3:9e:f9:
        e7:e4:19:5a:49:05:09:2e:1e:40:d8:89:88:5a:2c:
        fc:dc:59:5b:27:9f:9d:00:78:d7:3d:16:68:b9:81:
        42:db:db:02:98:42:08:d9:2f:6f:e5:1d:a4:70:4f:
        1a:4e:2b:69:2f
    ASN1 OID: prime256v1
    NIST CURVE: P-256

As you can see the combination of "-aes256" and "-text" is unwise.
The "-text" form is not encrypted.

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Viktor Dukhovni
On Fri, Jan 13, 2017 at 06:18:51PM +0000, Viktor Dukhovni wrote:

> Easier to read the documentation and use the appropriate value.

    https://www.openssl.org/docs/man1.1.0/apps/genpkey.html

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Ken Goldman-2
On 1/13/2017 1:21 PM, Viktor Dukhovni wrote:
> On Fri, Jan 13, 2017 at 06:18:51PM +0000, Viktor Dukhovni wrote:

Still no success.  I think this is exactly what you suggested, and
something I had already tried.

openssl genpkey -out cakeyecc.pem -outform PEM -pass pass:rrrr -aes256
-algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt
ec_param_enc:named_curve -text

parameter setting error
139854491113288:error:06089094:digital envelope
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:

>> Easier to read the documentation and use the appropriate value.
>
>     https://www.openssl.org/docs/man1.1.0/apps/genpkey.html

Yikes.  That's not in the  1.0.2 documentation at

https://www.openssl.org/docs/man1.0.2/apps/genpkey.html

Could it be that 1.0.2 doesn't support creation of EC keys?

Or, if the syntax is different, where can I find it?


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Viktor Dukhovni
On Fri, Jan 13, 2017 at 01:49:14PM -0500, Ken Goldman wrote:

> On 1/13/2017 1:21 PM, Viktor Dukhovni wrote:
> > On Fri, Jan 13, 2017 at 06:18:51PM +0000, Viktor Dukhovni wrote:
>
> Still no success.  I think this is exactly what you suggested, and something
> I had already tried.
>
> openssl genpkey -out cakeyecc.pem -outform PEM -pass pass:rrrr -aes256
> -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt
> ec_param_enc:named_curve -text
>
> parameter setting error
> 139854491113288:error:06089094:digital envelope
> routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:

In that case, your OpenSSL library is broken, or was built without
EC support.  Perhaps you're running the wrong openssl(1) binary.

> https://www.openssl.org/docs/man1.0.2/apps/genpkey.html
>
> Could it be that 1.0.2 doesn't support creation of EC keys?

EC key creation is supported in 1.0.2:

    $ openssl version -a; openssl genpkey -out cakeyecc.pem -outform PEM -pass pass:rrrr -aes256 -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:named_curve -text; cat cakeyecc.pem
    OpenSSL 1.0.2j  26 Sep 2016
    built on: reproducible build, date unspecified
    platform: NetBSD-x86_64
    options:  bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) blowfish(ptr2)
    compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H
    -O2 -I/usr/include -Wa,--noexecstack -DTERMIOS -DL_ENDIAN -DMD32_REG_T=int -O2 -DOPENSSL_IA32_SSE2
    -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM
    -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
    OPENSSLDIR: "/usr/pkg/etc/openssl"
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAj2P6Eun6xu+QICCAAw
    HQYJYIZIAWUDBAEqBBCLkrjwPqdzyGUnq+FZmAXKBIGQYc6Ug3yc5JbhkUmNmtPm
    8An/0hE1ErvedRQFk0yyfUTiX/cHcuTkm5S5ZJlE4jtDJRidc3TxX59yTa6blZbp
    EilWzrACBO0POWeUsN0SnYAwHfaQ7dRKfoK0xmZJMRclzd9C62f64e/0Q2v1xdvj
    oMyg7aiK2fa1DdXdkDeB0j3Cnpo4x24ZY1De870LOkd/
    -----END ENCRYPTED PRIVATE KEY-----
    Private-Key: (256 bit)
    priv:
        63:c2:97:81:a3:bc:4f:10:cc:ca:68:70:bf:a3:fa:
        da:e3:fd:7d:d2:9f:88:b9:4b:bf:11:ac:4b:9c:b5:
        d4:c2
    pub:
        04:96:5d:78:a2:7b:60:b3:9c:67:7d:d7:19:68:4e:
        4e:7b:a4:75:46:31:b1:f6:76:28:86:fe:9a:56:9c:
        bc:3c:4b:37:0b:3b:0c:24:ed:2b:d1:8f:85:92:0f:
        6e:48:9d:49:2c:7b:e7:7c:df:94:8a:9d:4b:f8:bc:
        25:82:cb:50:22
    ASN1 OID: prime256v1
    NIST CURVE: P-256

The documentation of genpkey(1) was improved in 1.1.0, perhaps some
of the improvements should be backported. Pull requests welcome.

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Ken Goldman-2
On 1/13/2017 2:02 PM, Viktor Dukhovni wrote:
>> parameter setting error
>> 139854491113288:error:06089094:digital envelope
>> routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:
>
> In that case, your OpenSSL library is broken, or was built without
> EC support.  Perhaps you're running the wrong openssl(1) binary.

Perhaps++.  The command ran on a 1.0.2 platform.

> EC key creation is supported in 1.0.2:

openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

The C API's seem to support EC.  Perhaps the openssl binary does not?

RHEL 6.7 is still at 1.0.1.

Can I create the key and certificates on the 1.0.2 platform and use them
with the C API on 1.0.1?




--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Generate ECC key with password protection

Viktor Dukhovni
On Fri, Jan 13, 2017 at 03:26:08PM -0500, Ken Goldman wrote:

> On 1/13/2017 2:02 PM, Viktor Dukhovni wrote:
> > > parameter setting error
> > > 139854491113288:error:06089094:digital envelope
> > > routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:
> >
> > In that case, your OpenSSL library is broken, or was built without
> > EC support.  Perhaps you're running the wrong openssl(1) binary.
>
> Perhaps++.  The command ran on a 1.0.2 platform.
>
> > EC key creation is supported in 1.0.2:
>
> openssl version
> OpenSSL 1.0.1e-fips 11 Feb 2013
>
> The C API's seem to support EC.  Perhaps the openssl binary does not?
>
> RHEL 6.7 is still at 1.0.1.
>
> Can I create the key and certificates on the 1.0.2 platform and use them
> with the C API on 1.0.1?

RedHat has in various past releases deliberately disabled EC support.
More recently they've enabled just the NIST P-256,384,521 curves.

So your software may be neutered by the vendor, however, you seem
to be using 1.0.1, while I was testing 1.0.2.

With 1.0.1 I get:

    $ openssl version -a; openssl genpkey -out cakeyecc.pem -outform PEM -pass pass:rrrr -aes256 -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:named_curve -text; cat cakeyecc.pem
    OpenSSL 1.0.1v-dev  xx XXX xxxx
    built on: Fri Jan 13 15:35:13 2017
    platform: darwin64-x86_64-cc
    options:  bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
    compiler: cc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    OPENSSLDIR: "/Volumes/gitvol/viktor/ssl/OpenSSL_1_0_1/ssl"
    parameter setting error
    140735936984072:error:06089094:digital envelope routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:394:
    cat: cakeyecc.pem: No such file or directory

With 1.0.1, EC support in genpkey(1) is incomplete.  To encrypt
use a pipeline:

    $ openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -aes256 -text
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiDn5ZQFVqU2wICCAAw
    HQYJYIZIAWUDBAEqBBBMxK5x8CNp29AxpTpdjjZzBIGQFcjJotTUgue5zv1ZUiJE
    Fmp3LFInp0+mJmiSMM/WZUM2aALAG3xikB5xn0ENmtluiLVM+Osa5PZVj5WAisgN
    DBmHRYqFoxOQPc9L8DN8dr0PDM/d7KZe3Vr4FAlkG86R/aFOOn8yBX2DepDDmvuc
    aYn6abZZWe9uISi+Gk0r3Hna6cKz0K5M6ecGim6oBRg2
    -----END ENCRYPTED PRIVATE KEY-----
    Private-Key: (256 bit)
    priv:
        00:fc:ee:5b:91:0d:7b:11:c1:a3:6b:b6:45:e3:88:
        12:80:08:27:77:1b:3c:ad:59:4f:cd:10:42:f7:6e:
        53:4a:e9
    pub:
        04:82:74:1c:da:70:65:e0:2d:3f:3b:8b:e4:10:e1:
        b0:60:b0:f8:59:9a:99:7d:a7:70:52:13:be:02:8d:
        c4:a0:56:9b:7f:79:ae:b8:ca:61:52:8c:74:06:59:
        72:10:77:6e:53:62:df:47:ef:af:64:47:97:73:cb:
        a6:f0:eb:a2:24
    ASN1 OID: prime256v1

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users