[openssl-users] Raw EC key to EVP_PKEY to certificate

Ken Goldman kgoldman at us.ibm.com
Sat Dec 31 01:20:38 UTC 2016


My overall goal is to create an X509 certificate for an ECC public key. 
I am starting with the X and Y points.  The curve is NIST_P256.

Here's the basic code.  Am I close?

- EC_KEY *ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)
- convert x and y from bin to bignum
- EC_KEY_set_public_key_affine_coordinates(ecKey, x, y)
- EVP_PKEY *evpPubkey = EVP_PKEY_new()
- EVP_PKEY_set1_EC_KEY(evpPubkey, ecKey);
- X509_set_pubkey(x509Certificate, evpPubkey);

I'm getting far more information than I suspect I need.  See the two 
dumps below.

My result looks like this:

            Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
                     04:e7:de:55:b0:09:2f:0a:83:0a:c9:fc:f0:82:d7:
                     97:e0:4e:02:7d:75:08:44:74:3e:5f:b6:b3:29:3d:
                     ad:69:b3:f4:c5:3d:65:ed:94:23:89:37:5c:d5:e5:
                     4c:0b:77:d4:55:f6:3c:83:24:27:fb:cb:21:dc:66:
                     df:11:5d:ac:65
                 Field Type: prime-field
                 Prime:
                     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                     ff:ff:ff
                 A:
                     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                     ff:ff:fc
                 B:
                     5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
                     bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
                     60:4b
                 Generator (uncompressed):
                     04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
                     40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
                     98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
                     7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
                     68:37:bf:51:f5
                 Order:
                     00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
                     ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
                     63:25:51
                 Cofactor:  1 (0x1)
                 Seed:
                     c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
                     b7:81:9f:7e:90

while other certificates I see look like this:

             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
                     04:b2:72:2e:90:17:f8:19:2e:20:bb:cd:ee:fd:0a:
                     c5:f8:79:9f:33:e2:e3:04:f5:54:2c:39:7d:bb:b7:
                     7d:d5:b4:51:38:02:df:f1:14:44:81:9f:1e:1d:e1:
                     df:0e:4d:94:c8:15:26:5d:2a:96:9f:c2:dc:f0:c1:
                     3c:78:c1:1d:eb
                 ASN1 OID: prime256v1
                 NIST CURVE: P-256
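
The two dumps above differ only in how the SubjectPublicKeyInfo carries the curve: as explicit domain parameters (first dump) or as a single curve OID (second dump). The following is an added example, not part of the original post and not OpenSSL code: it encodes raw X and Y as a named-curve P-256 SubjectPublicKeyInfo and classifies an encoded EC key by its parameter form. The function names and sample bytes are assumptions made for illustration, and no curve-membership check is performed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { EC_PARAMS_BAD = -1, EC_PARAMS_NAMED = 1, EC_PARAMS_EXPLICIT = 2 };

/* DER up to the point bytes: SEQ { SEQ { algorithm, curve }, BIT STRING 00 04 ... */
static const uint8_t P256_PREFIX[27] = {
    0x30, 0x59, 0x30, 0x13,
    0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,       /* id-ecPublicKey */
    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, /* prime256v1 */
    0x03, 0x42, 0x00, 0x04 };

/* Encode raw affine X, Y as a named-curve SubjectPublicKeyInfo (always 91 bytes). */
size_t spki_p256_named(const uint8_t x[32], const uint8_t y[32], uint8_t out[91]) {
    memcpy(out, P256_PREFIX, sizeof P256_PREFIX);
    memcpy(out + 27, x, 32);
    memcpy(out + 59, y, 32);
    return 91;
}

/* Size of a DER tag+length header, or 0 if the tag differs or the header is cut short. */
static size_t der_hdr(const uint8_t *p, size_t len, uint8_t tag) {
    if (len < 2 || p[0] != tag) return 0;
    if (p[1] < 0x80) return 2;
    size_t n = p[1] & 0x7f;
    return (n >= 1 && n <= 4 && len >= 2 + n) ? 2 + n : 0;
}

/* Report how an EC SubjectPublicKeyInfo carries its curve: OID or explicit parameters. */
int ec_params_kind(const uint8_t *spki, size_t len) {
    size_t off = der_hdr(spki, len, 0x30), h;   /* outer SubjectPublicKeyInfo */
    if (!off || !(h = der_hdr(spki + off, len - off, 0x30))) return EC_PARAMS_BAD;
    off += h;                                   /* now at the algorithm OID */
    if (len - off < 10 || memcmp(spki + off, P256_PREFIX + 4, 9) != 0) return EC_PARAMS_BAD;
    uint8_t tag = spki[off + 9];                /* first byte of the parameters field */
    return tag == 0x06 ? EC_PARAMS_NAMED : tag == 0x30 ? EC_PARAMS_EXPLICIT : EC_PARAMS_BAD;
}

int main(void) {
    uint8_t x[32], y[32], der[91];
    memset(x, 0x11, 32); memset(y, 0x22, 32);   /* constructed coordinates, not a real key */
    /* constructed start of an explicit-parameter key: the parameters are a SEQUENCE */
    const uint8_t expl[] = { 0x30, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x03,
        0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xf7 };
    size_t n = spki_p256_named(x, y, der);
    printf("named: %d  explicit: %d\n", ec_params_kind(der, n), ec_params_kind(expl, sizeof expl));
    return 0;
}
```

In OpenSSL itself, the named-curve form is selected on the key with `EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE)`.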
