[openssl-users] Generate ECC key with password protection

Ken Goldman kgoldman at us.ibm.com
Fri Jan 13 18:49:14 UTC 2017


On 1/13/2017 1:21 PM, Viktor Dukhovni wrote:
> On Fri, Jan 13, 2017 at 06:18:51PM +0000, Viktor Dukhovni wrote:

Still no success.  I think this is exactly what you suggested, and 
something I had already tried.

openssl genpkey -out cakeyecc.pem -outform PEM -pass pass:rrrr -aes256 
-algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt 
ec_param_enc:named_curve -text

parameter setting error
139854491113288:error:06089094:digital envelope 
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:

>> Easier to read the documentation and use the appropriate value.
>
>     https://www.openssl.org/docs/man1.1.0/apps/genpkey.html

Yikes.  That's not in the  1.0.2 documentation at

https://www.openssl.org/docs/man1.0.2/apps/genpkey.html

Could it be that 1.0.2 doesn't support creation of EC keys?

Or, if the syntax is different, where can I find it?




More information about the openssl-users mailing list