[openssl-dev] Reminder: OpenSSL's EC private key encoding is broken

Annie Yousar a.yousar at informatik.hu-berlin.de
Tue Mar 24 11:10:22 UTC 2015


Dear all,
this should not have happened:

$ for i in `seq 1 1000`; do
    if [ "x`openssl ecparam -genkey -name prime256v1 -noout > key.pem; ls -l key.pem | sed '/ 227 /d'`" != "x" ]; then
      echo; cat key.pem
    else
      echo -n "."
    fi
  done
....................................................................................
-----BEGIN EC PRIVATE KEY-----
MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D
AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8
fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY
-----END EC PRIVATE KEY-----
............................................................................
...

Conforming to the standards, the EC private key always has a fixed length,
defined by the group order.

Regards,
Ann.
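
Added example, not part of the original post and not OpenSSL code: a minimal DER walk over the key quoted above that compares the length of the privateKey OCTET STRING with ceil(log2(n)/8) for prime256v1, the fixed length RFC 5915 specifies. The function names are illustrative, and the parser handles only the ECPrivateKey layout shown here.

```python
import base64

# The key from the post above, copied verbatim with the PEM armor stripped.
PEM_BODY = (
    "MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D"
    "AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8"
    "fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY"
)
POSTED_DER = base64.b64decode(PEM_BODY)
P256_ORDER_BITS = 256  # bit length of the prime256v1 group order n


def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def private_key_octets(der):
    """Return the privateKey OCTET STRING of an RFC 5915 ECPrivateKey."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, version, pos = read_tlv(seq, 0)
    if tag != 0x02 or version != b"\x01":
        raise ValueError("unexpected version")
    tag, key, _ = read_tlv(seq, pos)
    if tag != 0x04:
        raise ValueError("privateKey is not an OCTET STRING")
    return key


def check_length(der, order_bits=P256_ORDER_BITS):
    """Return (actual, expected) privateKey length in octets."""
    expected = (order_bits + 7) // 8  # ceil(log2(n) / 8)
    return len(private_key_octets(der)), expected


if __name__ == "__main__":
    actual, expected = check_length(POSTED_DER)
    print(f"privateKey is {actual} octets, expected {expected}")
```

The same length comparison can be run on any key a tool emits or accepts, which catches encoders that drop leading zero octets from the private scalar.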





