ECC keypair generation with password

Michael Wojcik Michael.Wojcik at microfocus.com
Thu Feb 28 20:55:41 UTC 2019


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
> Ken Goldman
> Sent: Thursday, February 28, 2019 15:06
>
> I've been using this command to generate a password protected ECC keypair.
>
> openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -aes256
> -passout pass:passwd -text > tmpecprivkey.pem
>...
>
> Now I must send the PEM file to a crypto library that does not support
> -----BEGIN ENCRYPTED PRIVATE KEY-----
>
> It expects
> -----BEGIN EC PRIVATE KEY-----
>
> Its parser does accept a password.
>
> Is there a way to generate that PEM file?  I.e.
>
> A password protected ECC keypair in -----BEGIN EC PRIVATE KEY----- format

You don't say what version of OpenSSL you're using.

Have you tried just changing the PEM header and footer? OpenSSL doesn't like that (it expects an unencrypted EC keypair for "EC PRIVATE KEY"), but maybe this other library does.

Are you sure the other library is expecting an encrypted key? Have you tried with an unencrypted one, but using the "EC PRIVATE KEY" header/footer?

--
Michael Wojcik
Distinguished Engineer, Micro Focus




More information about the openssl-users mailing list