[openssl-users] Naive: how to generate EC public key from EC private key?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Fri Mar 18 18:59:36 UTC 2016


Answered my own question: should use EVP_PKEY_bits(pkey) instead.
-- 
Regards,
Uri Blumenthal





On 3/18/16, 14:57 , "openssl-users on behalf of Blumenthal, Uri - 0553 -
MITLL" <openssl-users-bounces at openssl.org on behalf of uri at ll.mit.edu>
wrote:

>First, Stephen and Viktor - thank you!
>
>On 3/17/16, 19:45 , "openssl-users on behalf of Dr. Stephen Henson"
><openssl-users-bounces at openssl.org on behalf of steve at openssl.org> wrote:
>
>>On Thu, Mar 17, 2016, Viktor Dukhovni wrote:
>>> 
>>>Well you can work with
>>>http://openssl.org/docs/manmaster/crypto/EC_KEY_key2buf.html
>>> to extract EC public key octets.
>>
>>That's only available in the master branch, only encodes the key value
>>and not
>>its parameters and of course it only works for EC.
>
>Got it. I’ll not use it, as it’s too specific.
>
>>>If you want an ASN.1 encoded "SPKI" object (i.e. an
>>> X509_PUBKEY in OpenSSL) then you can use...
>
>Yes, that’s PRECISELY what I want, thank you!
>
>>>A shorter version of the above is possible via i2d_PUBKEY() which
>>> handles the creation, encoding and destruction of the intermediate
>>> X509_PUBKEY: . . .
>>That's the preferred route as it uses the standard SubjectPublicKeyInfo
>>format and works with any supported public key type.
>
>Thank you!  The main disadvantage of the shorter version is that it does
>not provide me with the length of the buffer it created. So for now I’ll
>use the longer one - unless I’m missing something very obvious, and
>there’s a trivial way to correctly tell the size of the returned buffer.
>
>Along the same line - I am trying to generate ECDH key pair that would be
>on the same curve that the keys on my hardware token. The tokens I’m
>dealing with can have keys on either P-256 or P-384 curve.
>
>My problem: I seem unable to figure out what curve the token keys belong
>to. Here’s how the public key gets loaded:
>
>	pubkey = ENGINE_load_public_key(*e, "id_03", NULL, NULL);
>	if (pubkey == NULL) {
>		fprintf(stderr, "wrap: failed to retrieve pubkey id_03\n");
>		ERR_print_errors_fp(stderr);
>		goto end;
>	}
>
>	*bitsize = EVP_PKEY_size(pubkey);
>	printf("wrap: ECC pubkey size is %1lu\n", *bitsize);
>
>
>The problem with the above code is that it (apparently) gives me the size
>of the EVP_PKEY object, while I mean to ask a different question.
>
>How do I determine what curve the above key is on?
>
>Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160318/142de8eb/attachment-0001.bin>


More information about the openssl-users mailing list