Is there a way to have all those man pages installed in my system? I'm using Ubuntu 24.

On Wed, Jun 19, 2024, 17:49 Matt Caswell <m...@openssl.org> wrote:

> On 19/06/2024 12:14, Lokesh Chakka wrote:
> > Now I need to explore C APIs for getting those keys as hex array.
> > Could you please suggest any good references for beginners.
>
> You would need to first load the key from the file to create an EVP_PKEY
> object. For example you could use the PEM_read_PUBKEY() function for
> this. See:
>
> https://www.openssl.org/docs/man3.3/man3/PEM_read_PUBKEY.html
>
> Once you have the key as an EVP_PKEY object, you can get the raw
> encoding as a char array in a format suitable for TLS using the
> EVP_PKEY_get1_encoded_public_key() function. See:
>
> https://www.openssl.org/docs/man3.3/man3/EVP_PKEY_get1_encoded_public_key.html
>
> Matt
>
> > Regards
> > --
> > Lokesh Chakka.
> >
> > On Wed, Jun 19, 2024 at 4:21 PM Matt Caswell <m...@openssl.org> wrote:
> >
> > On 19/06/2024 09:15, Lokesh Chakka wrote:
> > > hello,
> > >
> > > I'm trying to generate public/private keys with following commands:
> > >
> > > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > > openssl ec -in pvtkey.pem -pubout
> > >
> > > I'm seeing the sizeof private key as 164 bytes and public key as
> > > 124 bytes.
> > >
> > > In a wireshark capture( attached ), I'm seeing key length as 65 bytes.
> >
> > What you are doing is confusing. You have generated public/private key
> > pair for secp256r1 - but the wireshark capture you show seems to be the
> > key share from a TLSv1.3 handshake. TLSv1.3 key shares are ephemeral so
> > - you'll get a different key share every time. You don't need to create
> > a public/private key for this. OpenSSL does it for you.
> >
> > Anyway. Taking the key that you generated:
> >
> > -----BEGIN PUBLIC KEY-----
> > MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
> > GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> > -----END PUBLIC KEY-----
> >
> > This is just a PEM encoding of the real key (base 64 encoding of DER
> > structured data in PEM headers). Not sure where you get 124 bytes from,
> > but you can take a look at the actual key data like this:
> >
> > $ openssl pkey -in /tmp/key.pem -pubin -noout -text
> > Public-Key: (256 bit)
> > pub:
> >     04:55:29:a9:e1:49:e5:41:bc:db:7b:a7:a8:a4:1c:
> >     9e:11:4c:e4:99:81:cf:1a:06:8a:bd:2b:7f:c5:d0:
> >     20:bc:3a:7b:15:72:93:a5:24:fc:50:cf:4b:a4:5f:
> >     1f:e0:91:13:39:78:03:0c:6b:cd:94:80:ea:54:5a:
> >     3e:4f:48:5d:b5
> > ASN1 OID: prime256v1
> > NIST CURVE: P-256
> >
> > This shows you the 65 bytes of raw public key data contained within the
> > key file.
> >
> > This key is in "uncompressed" format (the 04 byte at the start indicates
> > this). Since it is uncompressed we then get an x and a y value to
> > indicate the point on the curve. Each of these are 32 bytes long (256
> > bits) - so this gives you 65 bytes in total.
> >
> > Matt
> >
> > > Can someone help me understand why the difference?
> > >
> > > Thanks & Regards
> > > --
> > > Lokesh Chakka.
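
Added example, not part of the original thread and not OpenSSL code: a standard-library Python script that unwraps the PEM key quoted above, going from base64 text to the DER SubjectPublicKeyInfo and then to the 65-byte uncompressed point that the `openssl pkey -text` output shows. The function names are this example's own, and the DER reader covers only what this structure needs.

```python
import base64

# Public key PEM exactly as quoted in the thread above.
PEM = """-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
-----END PUBLIC KEY-----
"""

def pem_to_der(pem):
    """Strip the PEM armour and base64-decode the body to DER bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN PUBLIC KEY-----" or lines[-1] != "-----END PUBLIC KEY-----":
        raise ValueError("not a PUBLIC KEY PEM block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def ec_point_from_spki(der):
    """Return the raw EC point held in the SubjectPublicKeyInfo BIT STRING."""
    tag, spki, end = read_tlv(der, 0)              # outer SEQUENCE
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one outer SEQUENCE")
    alg_tag, _alg, pos = read_tlv(spki, 0)         # AlgorithmIdentifier (key type, curve)
    bit_tag, bits, _ = read_tlv(spki, pos)         # BIT STRING wrapping the point
    if alg_tag != 0x30 or bit_tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("unexpected SubjectPublicKeyInfo layout")
    return bits[1:]                                # drop the unused-bits count byte

def split_uncompressed(point):
    """Split 0x04 || X || Y into its two equal-length coordinates."""
    if len(point) < 3 or point[0] != 0x04 or len(point) % 2 == 0:
        raise ValueError("not an uncompressed point")
    half = (len(point) - 1) // 2
    return point[1:1 + half], point[1 + half:]

if __name__ == "__main__":
    x, y = split_uncompressed(ec_point_from_spki(pem_to_der(PEM)))
    print("x =", x.hex(), "\ny =", y.hex())
```

For this key the DER structure is 91 bytes, of which the last 65 are the point: the 04 marker followed by a 32-byte x and a 32-byte y.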