RE: Question on openssl dgst: which private key?

Sun, 24 Jun 2012 21:04:58 -0700 

Dave,

Sorry I forgot. I do also have the EC public key (the point Qx and Qy) in hex. 
I also know the curve P-384. 
So the only step I am not sure is how to convert the EC private and public keys 
into the DER format, i.e., step 2. 

- David
________________________________________
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On 
Behalf Of Dave Thompson [dthomp...@prinpay.com]
Sent: Sunday, June 24, 2012 6:25 PM
To: openssl-users@openssl.org
Subject: RE: Question on openssl dgst: which private key?

> From: owner-openssl-us...@openssl.org On Behalf Of Li, David
> Sent: Thursday, 21 June, 2012 17:53

> If I have a private key in hex string , e.g,
> 23d9f4ea6d87b7d6163d64256e3449255db14786401a51daa7847161bf56d4
> 94325ad2ac8ba928394e01061d882c3528, how can I convert it into
> an ECDSA private key in PEM and use it in openssl dgst?
>
> I am thinking about the following steps:
>
> 1. convert it to a binary key
> 2. convert the binary key into DER format (which openssl cmd?)

The EC(DSA) privatekey structure used by OpenSSL consists of the
"group" (curve, by id or parameters), the private-key (number),
and the public-key (point). If you have only the private number
you need to add the curve and the public point to have a
storable key. I don't believe any commandline utility can
do this, so you'll have to write a (fairly simple) program.
Which can read hex as easily as binary if not easier.

How do you have only a private-key number?
Most programs/systems that can generate a key in the first place
can output at least one of PKCS#8 or PKCS#12. Those contain all
the correct bits together and OpenSSL can handle either fine.

> 3. use openssl  ec  to convert the key in DER format to PEM format
> 4. use open dgst to sign the message.
>
Yes. Or the program can output (clear) PEM just as easily,
or encrypted PEM almost as easily.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to