On Thu, Jan 23, 2014 at 02:06:53PM +0100, Dr. Stephen Henson wrote:
> On Wed, Jan 22, 2014, wizzbert wrote:
>
> You need to set the EC_KEY to use the named curve option which isn't the
> default. You can do that with:
>
> EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);

I think the below also works:

    EVP_PKEY *key = 0;
    EC_KEY *eckey;
    EC_GROUP *group = 0;

    /* Set the named-curve flag on the group before EC_KEY_set_group()
       copies the group into the key. */
    if ((eckey = EC_KEY_new()) != 0
        && (group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 0
        && (EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE),
            EC_KEY_set_group(eckey, group))
        && EC_KEY_generate_key(eckey)
        && (key = EVP_PKEY_new()) != 0
        && !EVP_PKEY_set1_EC_KEY(key, eckey)) {
        /* Every earlier step succeeded but the assignment failed. */
        EVP_PKEY_free(key);
        key = 0;
    }
    /* Drop the local references; on success key holds its own. */
    if (group)
        EC_GROUP_free(group);
    if (eckey)
        EC_KEY_free(eckey);

This is currently used in Postfix DANE support, but the key is never
included in any externally visible certificate.

--
Viktor.
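
Added example (not part of the original message, and not OpenSSL or Postfix code): the named-curve flag discussed above decides whether a key's domain parameters are encoded as a curve OID or written out explicitly, and this stand-alone C checker reads a DER SubjectPublicKeyInfo and reports which form it carries. The names spki_ec_params, der_header, enum ec_params and both sample byte arrays are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <string.h>

enum ec_params { PARAMS_NAMED, PARAMS_EXPLICIT, PARAMS_IMPLICIT, PARAMS_BAD };

/* Constructed samples: SubjectPublicKeyInfo with a 2-byte placeholder key. */
const unsigned char sample_named[] = {      /* parameters: OID prime256v1 */
    0x30,0x19, 0x30,0x13, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07, 0x03,0x02,0x00,0x04 };
const unsigned char sample_explicit[] = {   /* parameters: stub SEQUENCE */
    0x30,0x14, 0x30,0x0e, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x30,0x03,0x02,0x01,0x01, 0x03,0x02,0x00,0x04 };

/* Read one DER header; return the content length and advance *p, or -1. */
static long der_header(const unsigned char **p, const unsigned char *end, int *tag)
{
    const unsigned char *q = *p;
    size_t len, n;
    if (end - q < 2) return -1;
    *tag = *q++;
    len = *q++;
    if (len & 0x80) {               /* long form: low bits count length bytes */
        n = len & 0x7f;
        if (n == 0 || n > 3 || (size_t)(end - q) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;   /* contents must fit the buffer */
    *p = q;
    return (long)len;
}

/* Classify ECParameters by tag: OID = named, SEQUENCE = explicit, NULL = implicit. */
enum ec_params spki_ec_params(const unsigned char *der, size_t derlen)
{
    static const unsigned char ec_oid[] = { 0x2a,0x86,0x48,0xce,0x3d,0x02,0x01 };
    const unsigned char *p = der, *end = der + derlen;
    long len;
    int tag, i;
    for (i = 0; i < 2; i++) {   /* SubjectPublicKeyInfo, then AlgorithmIdentifier */
        if ((len = der_header(&p, end, &tag)) < 0 || tag != 0x30) return PARAMS_BAD;
        end = p + len;
    }
    if ((len = der_header(&p, end, &tag)) < 0 || tag != 0x06   /* id-ecPublicKey */
        || (size_t)len != sizeof(ec_oid) || memcmp(p, ec_oid, sizeof(ec_oid)) != 0)
        return PARAMS_BAD;
    p += len;
    if (der_header(&p, end, &tag) < 0) return PARAMS_BAD;
    return tag == 0x06 ? PARAMS_NAMED : tag == 0x30 ? PARAMS_EXPLICIT
         : tag == 0x05 ? PARAMS_IMPLICIT : PARAMS_BAD;
}
```

The DER output of `openssl pkey -pubout -outform DER` can be passed to spki_ec_params() in the same way as the samples.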