The ec parameters are public anyway, so there is no real need to store such files somewhere with restricted reading access.
On the other hand, I want to reiterate that if you are using (and this is highly recommended) one of the named curves (e.g. NIST P-256) you don't really need at all to generate a ecparam file (which only contains the name): the private key file already contains the very same name and fully contains what you need to perform ECDSA signatures that can be validated against a matching certificate. In the same way, for the ECDHE part, pick curves that you want to support (most TLS 1.2 and 1.3 clients will be happy to support P-256 and X25519 key exchanges) from the named curves: also in this case there is no need to generate a separate ecparam file. Hope this helps! Best regards, Nicola Tuveri On Tue, 18 Feb 2020 at 15:27, Jason Schultz <jetso...@hotmail.com> wrote: > This comment does spark another question though. Do I need to protect the > ecparam file I created for us in generating the private key? I know the > private key should reside in /etc/ssl/private/ as that directory has no > read access. Right now I have the ecparam generated file in > /etc/ssl/dsaparams/, which is readable. Should that file also reside in > /etc/ssl/private/ so it's protected? > > Thanks. > > > ------------------------------ > *From:* Kyle Hamilton <aerow...@gmail.com> > *Sent:* Sunday, February 16, 2020 10:49 PM > *To:* Jason Schultz <jetso...@hotmail.com> > *Cc:* Thulasi Goriparthi <thulasi.goripar...@gmail.com>; openssl-users < > openssl-users@openssl.org> > *Subject:* Re: Questions about using Elliptic Curve ciphers in OpenSSL > > Be aware that you just posted your certificate's private key, and thus you > should regenerate a new keypair/certificate to use. Otherwise, anyone who > can manipulate traffic to your machine can execute a man-in-the-middle > attack. > > -Kyle H > > > On Fri, Feb 14, 2020, 07:40 Jason Schultz <jetso...@hotmail.com> wrote: > > > Thank you for your response Thulasi, this helped. I'm posting this back to > the OpenSSL users list in case it helps anyone else, and in case anyone can > help with my additional questions. While waiting for responses, I've been > able to find out how my certificate and keys were generated. I'd like to > walk through that to hopefully verify I'm handling things correctly. > > First, here is how my EC parameters file was generated: > > openssl ecparam -name prime256v1 -genkey -out myecparamsfile.pem > > And the resulting file: > > M640A-SAIL:/etc/ssl # openssl ecparam -in myecparamsfile.pem -text > > ASN1 OID: prime256v1 > > NIST CURVE: P-256 > > -----BEGIN EC PARAMETERS----- > > BggqhkjOPQMBBw== > > -----END EC PARAMETERS----- > > # openssl ecparam -in myecparamsfile.pem -text > > ASN1 OID: prime256v1 > > NIST CURVE: P-256 > > -----BEGIN EC PARAMETERS----- > > BggqhkjOPQMBBw== > > -----END EC PARAMETERS----- > > Is this good so far? Do I need the -genkey? > > Then I take this file and use it when I generate my certificate and > private key pair, here is the openssl command I used: > > openssl req -nodes -sha256 -newkey ec:/etc/ssl/private/myecparamsfile.pem > -keyout mykeyout.pem -new -out mycertfileout.pem -config > /etc/ssl/openssl.cnf -x509 -days 365 -outform pem > Generating a EC private key > writing new private key to 'mykeyout.pem' > <parameter input snipped> > > And the resulting key: > > # cat mykeyout.pem > -----BEGIN PRIVATE KEY----- > MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgbfUwVhomun9Q5IAY > xTOAn+sDoXZ+k4UWkvUyfshPBJ6hRANCAAQsakFVUTV4JmfVJH31XOvHVhhBodnV > 8evYCJSd2Jgo4uOomCSh3oekKL+Tia+LOmynygfvmneOX2YadoNr9uzH > -----END PRIVATE KEY----- > > # openssl ec -noout -text -in mykeyout.pem > read EC key > Private-Key: (256 bit) > priv: > 6d:f5:30:56:1a:26:ba:7f:50:e4:80:18:c5:33:80: > 9f:eb:03:a1:76:7e:93:85:16:92:f5:32:7e:c8:4f: > 04:9e > pub: > 04:2c:6a:41:55:51:35:78:26:67:d5:24:7d:f5:5c: > eb:c7:56:18:41:a1:d9:d5:f1:eb:d8:08:94:9d:d8: > 98:28:e2:e3:a8:98:24:a1:de:87:a4:28:bf:93:89: > af:8b:3a:6c:a7:ca:07:ef:9a:77:8e:5f:66:1a:76: > 83:6b:f6:ec:c7 > ASN1 OID: prime256v1 > NIST CURVE: P-256 > > And certificate: > > M740A-PMM1:/etc/ssl # openssl x509 -text -in mycertfileout.pem > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > e2:2f:c6:e4:bf:f1:de:20 > Signature Algorithm: ecdsa-with-SHA256 > Issuer: C=US, ST=NY, L=Loc, O=Org, OU=test, CN=My > Name/emailAddress=t...@example.com > Validity > Not Before: Feb 13 16:11:39 2020 GMT > Not After : Feb 12 16:11:39 2021 GMT > Subject: C=US, ST=NY, L=Loc, O=Org, OU=test, CN=My > Name/emailAddress=t...@example.com > Subject Public Key Info: > Public Key Algorithm: id-ecPublicKey > Public-Key: (256 bit) > pub: > 04:2c:6a:41:55:51:35:78:26:67:d5:24:7d:f5:5c: > eb:c7:56:18:41:a1:d9:d5:f1:eb:d8:08:94:9d:d8: > 98:28:e2:e3:a8:98:24:a1:de:87:a4:28:bf:93:89: > af:8b:3a:6c:a7:ca:07:ef:9a:77:8e:5f:66:1a:76: > 83:6b:f6:ec:c7 > ASN1 OID: prime256v1 > NIST CURVE: P-256 > X509v3 extensions: > X509v3 Subject Key Identifier: > D6:8A:F3:3B:4E:A1:F8:F8:34:C1:1B:7A:EC:BF:9B:58:7F:68:4A:D9 > X509v3 Authority Key Identifier: > > keyid:D6:8A:F3:3B:4E:A1:F8:F8:34:C1:1B:7A:EC:BF:9B:58:7F:68:4A:D9 > > X509v3 Basic Constraints: > CA:TRUE > Signature Algorithm: ecdsa-with-SHA256 > 30:44:02:20:37:f0:f7:f7:4a:b4:8e:8f:64:72:e4:d1:31:9f: > a1:36:c5:5d:f3:42:4c:24:37:75:cf:b6:55:b0:66:1b:6e:63: > 02:20:39:18:81:f8:6c:86:3a:57:74:05:cc:99:6c:d9:dc:6a: > a2:20:98:4c:66:a1:97:d1:c7:ea:42:b4:01:1a:f7:b2 > > Then I call the APIs as described in my first email to use them: > > ctx = SSL_CTX_new(TLS_method()); > > status = SSL_CTX_use_PrivateKey_file(ctx,<keyfile>,SSL_FILETYPE_PEM); > status = SSL_CTX_use_certificate_file(ctx, ,<certfile>,SSL_FILETYPE_PEM); > > > // Verify the cert and key are a pair > status = SSL_CTX_check_private_key(ctx); > > > Then call the APIs to set the curves and allow the server to pick the > appropriate curve for the client: > > status = SSL_CTX_set1_curves_list(ctx, "P-521:P-384:P-256"); > status = SSL_CTX_set_ecdh_auto(ctx, 1); > > > That should be it, right? The EC parameters file has been used to generate > the private key, it does not need to be read in by an API call. > > With the steps above, I get a successful TLS connection from a client > using ECDHE-ECDSA-AES256-GCM-SHA384. > > And yes, I think my main confusion was on what to do with the DH > parameters file. I thought using ECDHE key exchange was similar to DSA with > DH. With ECDHE, I don't need to read in a parameters file at all. > > If there's anything wrong above, please let me know, otherwise, thanks for > all the help! > > > ------------------------------ > *From:* Thulasi Goriparthi <thulasi.goripar...@gmail.com> > *Sent:* Wednesday, February 12, 2020 8:29 AM > *To:* jetso...@hotmail.com <jetso...@hotmail.com> > *Cc:* rs...@akamai.com <rs...@akamai.com> > *Subject:* Re: Questions about using Elliptic Curve ciphers in OpenSSL > > To clarify further, EC keys can be generated from either explicit (group) > parameters or named curves which are standardized numbers to specific group > parameters. > > Explicit/Custom EC parameters are not recommended/convenient/usual. Your > key contains parameters in the form of a named curve (p-256). > > You are probably getting confused between dhparam used to generate > ephemeral keys for DHE based key exchange and EC curve selection for ECDHE > based key exchange. > > Curve selection for ECDHE will be done from the list of curves offered by > the client and can be different from the curve used in the server's > certificate(ECDSA). > > Thanks, > Thulasi. > > > On Tue, 11 Feb, 2020, 23:24 Salz, Rich via openssl-users, < > openssl-users@openssl.org> wrote: > > I believe you just load your ECDSA cert and the other stuff – Dhparams!! – > is not needed. > > > >
