You can actually skip the step of using the BN functions and write your keypair directly to PEM format:
PEM_write_bio_ECPrivateKey You can then use the BIO functions to either read a string from memory, write it to file, etc. See: http://www.openssl.org/docs/crypto/bio.html# Jason On Aug 15, 2012, at 5:59 AM, Mohammad khodaei <m_khod...@yahoo.com<mailto:m_khod...@yahoo.com>> wrote: Hi, Based on the previous conversations, I tried to generate Elliptic Curve public/Private key pair. I want to convert the output BIGNUM* to char* in order to perform the rest of my task. Using BN_bn2hex is the correct api to do this? It seems it returns a 32 byte Hex while when I generate EC keys by command, it is much bigger. I want an output like this for public key and private key: -----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49 AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw== -----END EC PRIVATE KEY----- and -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1Fw oojEQguGKGCseKffEIoLn6uaVn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw== -----END PUBLIC KEY----- Here is my code: EC_KEY *ecKey = EC_KEY_new(); EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); EC_KEY_set_group(ecKey, group); int iECGenKey = EC_KEY_generate_key(ecKey); BIGNUM *pPubKey, *pPrivKey; pPrivKey = (BIGNUM*) EC_KEY_get0_private_key(ecKey); char* pchPrivKey = BN_bn2hex(pPrivKey); int nBytes = BN_num_bytes(pPrivKey); string strPrivKey; strPrivKey.assign(pchPrivKey); if (pPrivKey != NULL) OPENSSL_free(pPrivKey); pPubKey = (BIGNUM*) EC_KEY_get0_public_key(ecKey); char* pchPubKey = BN_bn2hex(pPubKey); string strPubKey; strPubKey.assign(pchPubKey); if (pPubKey != NULL) OPENSSL_free(pPubKey); It would be appreciated if you can help me. Thanks ________________________________ From: Thomas Leavy <tombu...@gmail.com<mailto:tombu...@gmail.com>> To: "openssl-users@openssl.org<mailto:openssl-users@openssl.org>" <openssl-users@openssl.org<mailto:openssl-users@openssl.org>> Cc: "<openssl-users@openssl.org<mailto:openssl-users@openssl.org>>" <openssl-users@openssl.org<mailto:openssl-users@openssl.org>> Sent: Wednesday, August 15, 2012 2:52 AM Subject: Re: Elliptic Curve key generation help Wow can't believe I already got an answer! Thanks so much guys I should be good to go. On Aug 14, 2012, at 6:59 PM, Jason Goldberg <jgoldb...@oneid.com<mailto:jgoldb...@oneid.com>> wrote: Before you call generate_key, you need to initialize your EC_KEY with a curve: EC_GROUP *group = EC_GROUP_new_by_curve_name(curve); EC_KEY_set_group(testKey, group); For 'curve' you could use, for example, NIST P256 which is defined with the macro: NID_X9_62_prime256v1 You can then use these primitives to get the public and private keys: EC_KEY_get0_private_key EC_KEY_get0_public_key Jason On Aug 14, 2012, at 5:49 PM, Tom Leavy <tombu...@gmail.com<mailto:tombu...@gmail.com>> wrote: I have been trying to figure out how to generate an elliptic curve public private key pair and can't find much information on how you properly do that. So far I have done the following and I'm pretty sure I am missing a step someplace. void makeECCKeyPair() { EC_KEY *testKey = EC_KEY_new(); EC_KEY_generate_key(testKey); }
