Raw EC key to EVP_PKEY to certificate

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Raw EC key to EVP_PKEY to certificate

Ken Goldman-2
My overall goal is to create an X509 certificate for an ECC public key.
I am starting with the X and Y points.  The curve is NIST_P256.

Here's the basic code.  Am I close?

- EC_KEY ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)
- convert x and y from bin to bignum
- EC_KEY_set_public_key_affine_coordinates(ecKey, x, y)
- EVP_PUBKEY evpPubkey = EVP_PKEY_new()
- EVP_PKEY_set1_EC_KEY(evpPubkey, ecKey);
- X509_set_pubkey(x509Certificate, evpPubkey);

I'm getting far more information that I suspect I need.  See the two
dumps below.

My result looks like this:

            Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
                     04:e7:de:55:b0:09:2f:0a:83:0a:c9:fc:f0:82:d7:
                     97:e0:4e:02:7d:75:08:44:74:3e:5f:b6:b3:29:3d:
                     ad:69:b3:f4:c5:3d:65:ed:94:23:89:37:5c:d5:e5:
                     4c:0b:77:d4:55:f6:3c:83:24:27:fb:cb:21:dc:66:
                     df:11:5d:ac:65
                 Field Type: prime-field
                 Prime:
                     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                     ff:ff:ff
                 A:
                     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                     ff:ff:fc
                 B:
                     5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
                     bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
                     60:4b
                 Generator (uncompressed):
                     04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
                     40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
                     98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
                     7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
                     68:37:bf:51:f5
                 Order:
                     00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
                     ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
                     63:25:51
                 Cofactor:  1 (0x1)
                 Seed:
                     c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
                     b7:81:9f:7e:90

while other certificates I see look like this:

             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
                     04:b2:72:2e:90:17:f8:19:2e:20:bb:cd:ee:fd:0a:
                     c5:f8:79:9f:33:e2:e3:04:f5:54:2c:39:7d:bb:b7:
                     7d:d5:b4:51:38:02:df:f1:14:44:81:9f:1e:1d:e1:
                     df:0e:4d:94:c8:15:26:5d:2a:96:9f:c2:dc:f0:c1:
                     3c:78:c1:1d:eb
                 ASN1 OID: prime256v1
                 NIST CURVE: P-256


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Raw EC key to EVP_PKEY to certificate

Viktor Dukhovni

> On Dec 30, 2016, at 8:20 PM, Ken Goldman <[hidden email]> wrote:
>
> - EC_KEY ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)
> - convert x and y from bin to bignum
> - EC_KEY_set_public_key_affine_coordinates(ecKey, x, y)
> - EVP_PUBKEY evpPubkey = EVP_PKEY_new()
> - EVP_PKEY_set1_EC_KEY(evpPubkey, ecKey);
> - X509_set_pubkey(x509Certificate, evpPubkey);

Start with:

        EC_KEY *eckey = EC_KEY_new();
        EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
        EC_KEY_set_group(eckey, group);
        ...

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Raw EC key to EVP_PKEY to certificate

Ken Goldman-2
Perfect, thanks.

On 12/30/2016 8:27 PM, Viktor Dukhovni wrote:

>
>> On Dec 30, 2016, at 8:20 PM, Ken Goldman <[hidden email]> wrote:
>>
>> - EC_KEY ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)
>> - convert x and y from bin to bignum
>> - EC_KEY_set_public_key_affine_coordinates(ecKey, x, y)
>> - EVP_PUBKEY evpPubkey = EVP_PKEY_new()
>> - EVP_PKEY_set1_EC_KEY(evpPubkey, ecKey);
>> - X509_set_pubkey(x509Certificate, evpPubkey);
>
> Start with:
>
> EC_KEY *eckey = EC_KEY_new();
> EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
> EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
>         EC_KEY_set_group(eckey, group);
> ...
>


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...