[openssl-users] Naive: how to generate EC public key from EC private key?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Fri Mar 18 18:57:38 UTC 2016

First, Stephen and Viktor - thank you!

On 3/17/16, 19:45 , "openssl-users on behalf of Dr. Stephen Henson"
<openssl-users-bounces at openssl.org on behalf of steve at openssl.org> wrote:

>On Thu, Mar 17, 2016, Viktor Dukhovni wrote:
>>Well you can work with
>> to extract EC public key octets.
>That's only available in the master branch, only encodes the key value
>and not
>its parameters and of course it only works for EC.

Got it. I’ll not use it, as it’s too specific.

>>If you want an ASN.1 encoded "SPKI" object (i.e. an
>> X509_PUBKEY in OpenSSL) then you can use...

Yes, that’s PRECISELY what I want, thank you!

>>A shorter version of the above is possible via i2d_PUBKEY() which
>> handles the creation, encoding and destruction of the intermediate
>> X509_PUBKEY: . . .
>That's the preferred route as it uses the standard SubjectPublicKeyInfo
>format and works with any supported public key type.

Thank you!  The main disadvantage of the shorter version is that it does
not provide me with the length of the buffer it created. So for now I’ll
use the longer one - unless I’m missing something very obvious, and
there’s a trivial way to correctly tell the size of the returned buffer.

Along the same line - I am trying to generate ECDH key pair that would be
on the same curve that the keys on my hardware token. The tokens I’m
dealing with can have keys on either P-256 or P-384 curve.

My problem: I seem unable to figure out what curve the token keys belong
to. Here’s how the public key gets loaded:

	pubkey = ENGINE_load_public_key(*e, "id_03", NULL, NULL);
	if (pubkey == NULL) {
		fprintf(stderr, "wrap: failed to retrieve pubkey id_03\n");
		goto end;

	*bitsize = EVP_PKEY_size(pubkey);
	printf("wrap: ECC pubkey size is %1lu\n", *bitsize);

The problem with the above code is that it (apparently) gives me the size
of the EVP_PKEY object, while I mean to ask a different question.

How do I determine what curve the above key is on?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160318/48fab9f4/attachment.bin>

More information about the openssl-users mailing list