> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Friday, 14 December, 2012 02:59

> I run the below two commands and generated the private key for
> ecdsa sign.

Actually you generated two keypairs and ignored one of them.
But what the hey, they're cheap (unlike say large RSA moduli).

> But I think it's not the correct length, that's why my signature creation
> is failing.
>
> 1. openssl ecparam -out ec_key.pem -name secp224r1 -genkey
> 2. openssl req -newkey ec:ec_key.pem -x509 -nodes -days 365 -keyout
> ecdsapriv.pem -out ecdsapublic.x509
>
> cat ecdsapriv.pem
> -----BEGIN PRIVATE KEY-----
> MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBz5PninGQKcwsfBzSdQwL8Z
> sofs53EyzZPLWvzHoTwDOgAEipOs1lPyOKrz4D/WGLdh6yE0WhewJIPxoDP1Rf0V
> 6D2I5SBwV8Bv28zpitRviKIJTp8st1j9iGg=
> -----END PRIVATE KEY-----
>
> can anybody guide me which the private key here I am use for
> signing the data.

Depends on how you do it. If you use OpenSSL routines, you pass
the EVP_KEY struct read from that file, or at the lower level
the EC_KEY struct "in" the EVP_KEY.

> Private key length should be 28 bytes for secp224r1 this curve.
>

The private *value*, yes. The private key is really the private value
combined with the "curve" (really group). You can see all the key values
with commandline ec:

cmd>openssl ec -in jeetendra.pem -noout -text
read EC key
Private-Key: (224 bit)
priv:
    00:f9:3e:78:a7:19:02:9c:c2:c7:c1:cd:27:50:c0:
    bf:19:b2:87:ec:e7:71:32:cd:93:cb:5a:fc:c7
pub:
    04:8a:93:ac:d6:53:f2:38:aa:f3:e0:3f:d6:18:b7:
    61:eb:21:34:5a:17:b0:24:83:f1:a0:33:f5:45:fd:
    15:e8:3d:88:e5:20:70:57:c0:6f:db:cc:e9:8a:d4:
    6f:88:a2:09:4e:9f:2c:b7:58:fd:88:68
ASN1 OID: secp224r1

The private value is the size of the group (here 28 octets)
but is displayed with a leading zero octet because the code
treats it like an ASN.1 integer even though it isn't.
The public value is usually, and here, one octet 04 followed by
two values (x,y) the size of the group (here 28 octets).

This appears to be, and given that generation I'm sure is, a valid key.
If you're getting an error you're doing something wrong in the code or commands you didn't post.
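
Added example, not part of the original message and not OpenSSL code: a standard-library Python walk over the DER of the key quoted above, showing that the private value is stored as a 28-octet OCTET STRING with no leading zero and the public point as 04 followed by x and y. The function names are this example's own, and it assumes the PKCS#8 layout of this file, with the public key present.

```python
import base64

# PEM body copied from the quoted message (PKCS#8 PrivateKeyInfo).
PEM_BODY = (
    "MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBz5PninGQKcwsfBzSdQwL8Z"
    "sofs53EyzZPLWvzHoTwDOgAEipOs1lPyOKrz4D/WGLdh6yE0WhewJIPxoDP1Rf0V"
    "6D2I5SBwV8Bv28zpitRviKIJTp8st1j9iGg="
)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    """Decode OID content octets to dotted form (first arc 0 or 1 assumed)."""
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_ec_pkcs8(der):
    """Return (curve_oid, private_value, public_point) from an EC PKCS#8 blob."""
    _, info, _ = read_tlv(der)
    _version, (_, algid), (_, wrapped) = children(info)[:3]
    curve_oid = decode_oid(children(algid)[1][1])  # second OID names the curve
    _, ecpriv, _ = read_tlv(wrapped)  # ECPrivateKey SEQUENCE inside OCTET STRING
    fields = children(ecpriv)         # version, private value, [0]?, [1]?
    priv = fields[1][1]
    # [1] wraps a BIT STRING; drop its leading unused-bits octet.
    pub = next((read_tlv(v)[1][1:] for t, v in fields[2:] if t == 0xA1), None)
    return curve_oid, priv, pub

CURVE_OID, PRIV, PUB = parse_ec_pkcs8(base64.b64decode(PEM_BODY))
```

PRIV is exactly the 28 octets shown after the 00 in the `openssl ec -text` output, and PUB is 57 octets: 04, then 28 octets each for x and y.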