[openssl-users] Generate ECC key with password protection
kgoldman at us.ibm.com
Fri Jan 13 18:06:10 UTC 2017
Thanks for the help. Am I getting closer?
On 1/13/2017 9:44 AM, Viktor Dukhovni wrote:
>>> Also, take a look at test/certs/mkcert.sh:
>> I looked at that, but what is $bits?
> The curve name.
> You're sure fond of leaving off the leading "-" in option names.
> You'll also really want the "ec_param_enc" option when you get
> the rest of the syntax right.
OK, sorry, hyphen-o-phobia.
I gather now that there are two -pkeyopt:
I tried prime256v1 for each, and also named_curve and explicit
for the second, in many combinations.
It's also not 100% clear whether I specify -pkeyopt each time, or once
and then pairs of opt:value.
In all combinations, I now get:
openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
-algorithm ec -pkeyopt ec_paramgen_curve:prime256v1
parameter setting error
More information about the openssl-users