[openssl-users] Generate ECC key with password protection
Matt Caswell
matt at openssl.org
Fri Jan 13 14:38:15 UTC 2017
On 13/01/17 14:32, Ken Goldman wrote:
> Thanks, getting closer ...
>
> On 1/12/2017 5:47 PM, Viktor Dukhovni wrote:
>>> My latest attempt is this. It gives me a usage error. Any hints?
>>>
>>> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr
>>> aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
>>
>> The "aes-256-cbc" argument is wrong. Try "-aes256".
>
> BTW, I got aes-256-cbc from
>
> https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
>
> and > openssl list-cipher-commands
>
>>
>> Also, take a look at test/certs/mkcert.sh:
>
> I looked at that, but what is $bits?
>
> I got prime256v1, the curve I want, from
>
> openssl ecparam -list_curves
>
> My next tries:
>
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
Try it with a "-" in front of "pkeyopt"!!!
Matt
>
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
> ec_param_enc:named_curve -text
>
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
> ec_param_enc:explicit -text
>
> I get:
>
> Error generating key
> 140529942484808:error:100C708B:elliptic curve routines:PKEY_EC_KEYGEN:no
> parameters set:ec_pmeth.c:294:
>
> It's probably this LOC, but what am I missing?
>
> if (ctx->pkey == NULL && dctx->gen_group == NULL) {
> ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
> return 0;
> }
>
>
More information about the openssl-users
mailing list