[openssl-users] Generate ECC key with password protection
Ken Goldman
kgoldman at us.ibm.com
Fri Jan 13 18:06:10 UTC 2017
Thanks for the help. Am I getting closer?
On 1/13/2017 9:44 AM, Viktor Dukhovni wrote:
>>> Also, take a look at test/certs/mkcert.sh:
>>
>> I looked at that, but what is $bits?
>
> The curve name.
>
> You're sure fond of leaving off the leading "-" in option names.
> You'll also really want the "ec_param_enc" option when you get
> the rest of the syntax right.
OK, sorry, hyphen-o-phobia.
I gather now that there are two -pkeyopt:
ec_paramgen_curve
ec_param_enc
I tried prime256v1 for each, and also named_curve and explicit
for the second, in many combinations.
It's also not 100% clear whether I specify -pkeyopt each time, or once
and then pairs of opt:value.
In all combinations, I now get:
openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
-algorithm ec -pkeyopt ec_paramgen_curve:prime256v1
ec_param_enc:explicit -text
parameter setting error
140171547424584:error:06089094:digital envelope
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:
More information about the openssl-users
mailing list