[openssl-users] Naive: how to generate EC public key from EC private key?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Mon Mar 21 02:32:35 UTC 2016


Thank you!!

Now the code works (using the outline Stephen suggested, as it is simpler
:)!

I still have a few questions/issues.

1. EVP_PKEY_get0_EC_KEY(key) is only defined for 1.1. I had to use
EVP_PKEY_get1_EC_KEY(key) with 1.0.2g. (this is not a problem - just a
remark)

2. For some reason the following code does not work - subsequent requests
that involve pub key fail:

 dup_ekey = EVP_PKEY_get1_EC_KEY(pubkey);
 group = (EC_GROUP*) EC_KEY_get0_group(dup_ekey);
 nid = EC_GROUP_get_curve_name(group);
 printf("wrap: Deriving ECC keys over curve \"%s\"\n",
EC_curve_nid2nist(nid));
 EC_GROUP_free(group);

 EC_KEY_free(dup_ekey);

But if I move the two XXX_free() calls to the end of the function -
everything is fine. So in my working version of the code these lines are
just before the return, after everything has been done. But I don’t
understand why it behaves that way, given the man pages here:
https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_set1_RSA.html

3. If in the above fragment I try

  dup_ekey = EVP_PKEY_assign_EC_KEY(pubkey);


Then the entire fragment does not work.

Thanks again for your help (as I said, with your guidance the code now
works), and I’d appreciate some light on the above peculiarities.
--
Regards,
Uri Blumenthal




On 3/18/16, 21:11, "openssl-users on behalf of Dr. Stephen Henson"
<openssl-users-bounces at openssl.org on behalf of steve at openssl.org> wrote:

>On Fri, Mar 18, 2016, Viktor Dukhovni wrote:
>
>> On Fri, Mar 18, 2016 at 06:59:36PM +0000, Blumenthal, Uri - 0553 -
>>MITLL wrote:
>> 
>> > Answered my own question: should use EVP_PKEY_bits(pkey) instead.
>> 
>> That's not the right way to determine the curve id.
>> 
>> > >How do I determine what curve the above key is on?
>> 
>> For that you need to determine the EVP_PKEY algorithm type:
>> 
>> 	int type = EVP_PKEY_base_id(pkey);
>> 
>> 	if (type == EVP_PKEY_EC) {
>> 	    EC_KEY *key = EVP_PKEY_get0_EC_KEY(pkey);
>> 	    EC_GROUP *group = EC_KEY_get0_group(key);
>> 
>> 	    /* Use that group to generate more points */
>> 	}
>> 
>> So you don't need code to specifically identify the group, but if
>> you want to constrain the supported groups:
>> 
>> 	switch (EC_GROUP_get_curve_name(group)) {
>> 	case NID_undef:
>> 	default:
>> 	    /* Unknown or not named group */
>> 
>> 	case NID_X9_62_prime256v1:
>> 	    /* P-256 */
>> 	    ...
>> 
>> 	case NID_secp384r1:
>> 	    /* P-384 */
>> 
>> 	    ...
>> 	}
>> 
>
>There is another way too. An EVP_PKEY can also be used to contain
>parameters
>and it is permissible to pass a private or public key as a set of
>parameters.
>
>In outline you call:
>
> EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(privkey, NULL);
> EVP_PKEY_keygen_init(pctx);
> EVP_PKEY_keygen(pctx, &newkey);
> EVP_PKEY_CTX_free(pctx);
>
>This works with other algorithms like DSA/DH too so you'll probably want
>to
>check the key is of the correct type first.
>
>Steve.
>--
>Dr Stephen N. Henson. OpenSSL project core developer.
>Commercial tech support now available see: http://www.openssl.org
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



More information about the openssl-users mailing list