> From: owner-openssl-us...@openssl.org On Behalf Of Li, David > Sent: Thursday, 21 June, 2012 17:53
> If I have a private key in hex string , e.g, > 23d9f4ea6d87b7d6163d64256e3449255db14786401a51daa7847161bf56d4 > 94325ad2ac8ba928394e01061d882c3528, how can I convert it into > an ECDSA private key in PEM and use it in openssl dgst? > > I am thinking about the following steps: > > 1. convert it to a binary key > 2. convert the binary key into DER format (which openssl cmd?) The EC(DSA) privatekey structure used by OpenSSL consists of the "group" (curve, by id or parameters), the private-key (number), and the public-key (point). If you have only the private number you need to add the curve and the public point to have a storable key. I don't believe any commandline utility can do this, so you'll have to write a (fairly simple) program. Which can read hex as easily as binary if not easier. How do you have only a private-key number? Most programs/systems that can generate a key in the first place can output at least one of PKCS#8 or PKCS#12. Those contain all the correct bits together and OpenSSL can handle either fine. > 3. use openssl ec to convert the key in DER format to PEM format > 4. use open dgst to sign the message. > Yes. Or the program can output (clear) PEM just as easily, or encrypted PEM almost as easily. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
