<html><head></head><body><div class="ydp6e84f655yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div id="ydp6e84f655yiv9814576703"><div><div class="ydp6e84f655yiv9814576703ydp969c4d69yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div><div dir="ltr"><div><div class="ydp6e84f655yiv9814576703ydp7a24ca91msg-body ydp6e84f655yiv9814576703ydp7a24ca91P_wpofO ydp6e84f655yiv9814576703ydp7a24ca91iy_A ydp6e84f655yiv9814576703ydp7a24ca91mq_AS"><div class="ydp6e84f655yiv9814576703ydp7a24ca91jb_0 ydp6e84f655yiv9814576703ydp7a24ca91X_6MGW ydp6e84f655yiv9814576703ydp7a24ca91N_6Fd5"><div><div id="ydp6e84f655yiv9814576703ydp7a24ca91yiv5844560843"><div><div class="ydp6e84f655yiv9814576703ydp7a24ca91yiv5844560843ydp2a3e58f8yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div><div dir="ltr">Hello,</div><div dir="ltr"><br></div><div dir="ltr">Not a genius with openssl or encryption at all. Thanks for reading.</div><div dir="ltr"><br></div><div dir="ltr">Background:<br></div><div dir="ltr"><br></div><div dir="ltr">* Generate a private key (really key set) with named curve:</div><div dir="ltr"><span>openssl
genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt
ec_param_enc:named_curve -outform PEM -out
account-privkey-prime256v1.pem</span><br></div><div dir="ltr">* Look at named curves representation:</div><div dir="ltr">openssl pkey -in <span><span>account-privkey-prime256v1.pem</span></span> -noout -text<br></div><div dir="ltr">* Look at explicit encoding ( I want x and y coordinates ):</div><div dir="ltr"><span>openssl ec -in <span><span><span>account-privkey-prime256v1.pem</span></span></span> -param_enc explicit -text -noout</span></div><div dir="ltr"><span><br></span></div><div dir="ltr"><span>Example output:</span></div><div dir="ltr"><div>read EC key<br>Private-Key: (256 bit)<br>priv:<br> ae:b7:b9:30:ed:3d:2f:03:b9:0c:bd:b8:39:b9:5c:<br> 39:33:c0:48:f1:45:a2:b4:8a:1b:4c:8c:86:f0:86:<br> 2a:5a<br>pub:<br> 04:68:1f:bc:7f:2b:c8:c3:c1:4d:5e:b1:2c:b5:29:<br> 62:d7:01:21:51:70:bc:e5:30:ab:10:96:c8:23:0a:<br> 7b:df:85:00:7b:fb:bb:58:4d:e6:4a:80:a6:ef:a1:<br> be:df:72:08:48:e0:3c:13:d4:7d:f8:62:75:d0:d8:<br> b5:aa:c2:b3:c1<br>Field Type: prime-field<br>Prime:<br> 00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:<br> 00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:<br> ff:ff:ff<br>A: <br> 00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:<br> 00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:<br> ff:ff:fc<br>B: <br> 5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:<br> bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:<br> 60:4b<br>Generator (uncompressed):<br> 04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:<br> 40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:<br> 98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:<br> 7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:<br> 68:37:bf:51:f5<br>Order: <br> 00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:<br> ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:<br> 63:25:51<br>Cofactor: 1 (0x1)<br>Seed:<br> c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:<br> b7:81:9f:7e:90<br><br></div><div dir="ltr">* <span>RFC7518, sec. 6.2.1</span> requires for public key representation key-value pairs for keys 'crv', 'x', and 'y'.</div><div dir="ltr">The 'crv' value is easy. It's the line <span>NIST CURVE: P-256 from the -text for named curve format, not shown above.</span></div><div dir="ltr"><span>The 'x' and the 'y' are not shown. My guess from looking online is that x and y are in the value for openssl -text</span></div><div dir="ltr"><span>value '<span>pub'. In output above, pub value (abbreviated) is 04:68...b3:c1. I have not been successful in unpacking</span></span></div><div dir="ltr"><span><span>the pub value to show anything coherent.</span> I think the colons can be dropped and what's left can be decoded</span></div><div dir="ltr"><span>base64 or base64url. My openssl (Debian linux) has no 'base64' subcommand.</span></div><div dir="ltr"><span><br></span></div><div dir="ltr"><span>I
have found nothing online about this. I figure this should be
important. Typically, lack of relevant documentation online means I am
making a very original mistake. I am not subscribed to the <span>openssl-users@openssl.org mailing list. I can of course check</span></span></div><div dir="ltr"><span><span>the archives and see if this went into it.</span></span></div><div dir="ltr"><span><span><br></span></span></div><div dir="ltr"><span><span>What am I doing wrong?</span>
I think it's a conceptual thing. I am not a C programmer and don't
exactly want to figure out how to use the C functions. Even so, I am
interested in what's a reasonable approach, even if not so reasonable
for me. I must be doing something unreasonable. Thanks. Happy Holidays
if that applies to you.</span></div><div dir="ltr"><span><br></span></div><div dir="ltr"><span>Bonus
Question: Do I or should I worry about seeding for the Pseudorandom
Number Generator (PRNG). It seems to me that it would be nice to get a
pseudo-random number and just mess it up a bit in a text editor and use
that as the seed for making a new key. Just a guess. If you have an
informed thought on that, I'd be interested.<br></span></div><div dir="ltr"><span><br></span></div><div dir="ltr"><span>Thanks for openssl and everything! It's indispensible free software.<br></span></div></div></div></div></div></div></div></div></div><span class="ydp6e84f655yiv9814576703ydp7a24ca91em_N ydp6e84f655yiv9814576703ydp7a24ca91en_N"></span></div></div><div><br></div><div class="ydp6e84f655yiv9814576703ydp969c4d69signature"><div>Douglas Morris<br></div></div></div></div></div></div></div></body></html>