2011/7/1 yyy <y...@inbox.lv>:
> Hello!
>
> s_server (and probably other TLS servers), requires ECDH parameters, if
> using ECDH ciphersuites. (probably similarly as for DH parameters with DH
> ciphersuites).
> It seems, that these are supposed to be generated using:
> ecparam -name 'name_of_named_curve',
> but this always generates the same output (it seems to be somehow encoded
> name of that curve).

Generating a curve (i.e., 'domain parameters') can be tricky business due to point counting. In practice, one uses a standard curve observed by ANSI, IETF, IEEE, NIST, etc. For example, http://tools.ietf.org/html/rfc5349. If you want a custom curve, I recommend a tool such as Marcel Martin's Elliptic Curve Builder (ECB).

A private key (and public) are selected once domain parameters have been chosen. The private key is 'x' or 'd' (a multiplier), which results in a public key 'Q' (a point). The relationship is Q = x*G, where G is the base point.

> DH parameters contained randomly changing data. ECDH, for key exchange, only
> needs specified curve and nothing else?

During key establishment, ephemeral keys (throw away public and private keys) will be used.

If you want to generate a private key, try:

  $ openssl ecparam -name secp256k1 -genkey -param_enc explicit -outform DER -out ec-openssl.der

To get the public key:

  $ openssl ecparam -param_enc explicit -name secp256k1 -genkey -outform PEM -out ec-openssl.pem
  $ openssl ec -param_enc explicit -inform PEM -in ec-openssl.pem -pubout -outform DER -out ec-openssl.der

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org