On Fri, Mar 18, 2011, Strecker, Dean A. wrote: > Hello, > > I'm using the OpenSSL Crypto library to perform Elliptic Curve key > generation and signature generation/verification. Actually, I don't > have any problem creating a key (EC_KEY) and generating signatures and > verifying signatures using pure OpenSSL. > > The challenge I'm having is that I'm using a Hardware Security Module > (HSM) to generate the private key and the public key point (X, Y). I > thought I might be able to initialize the EC_KEY->priv_key and > EC_KEY->pub_key with the data generated by the HSM before calling > EC_KEY_generate_key(EC_KEY). > I was hoping this would act as an "Import" key action. Wrong! > EC_KEY_generate_key generates new private and public key point > overriding the private and public key point passed into the > EC_KEY_generate_key function. > > Since OpenSSL supports importing of keys, well from the command line > anyhow, I can't help but think there must be a way to programmatically > import an Elliptic Curve key (private key and public key point). > > I have been studying the source coding starting with the call to > EC_KEY_generate_key function and working my way down. So far I have not > figured out how to create an Elliptic Curve Key from a given private key > and public key point. Does anybody have any idea where I could look for > an answer? >
In outline you do this: Get an appopriate group for the curve, for example for a standard curve you can use EC_GROUP_new_by_curve_name(). Create a new EC_KEY for the appopriate group using EC_KEY_new() and EC_KEY_set_group(). Create a public key point for the group using EC_POINT_new() and EC_POINT_set_affine_coordinates_*(). Set the key components in the EC_KEY using EC_KEY_set_public_key() and EC_KEY_set_private_key(). Finally free up the group and point because the key has its own copies. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
