Questions about using Elliptic Curve ciphers in OpenSSL

Kyle Hamilton aerowolf at gmail.com
Sun Feb 16 22:49:05 UTC 2020 

Be aware that you just posted your certificate's private key, and thus you
should regenerate a new keypair/certificate to use.  Otherwise, anyone who
can manipulate traffic to your machine can execute a man-in-the-middle
attack.

-Kyle H


On Fri, Feb 14, 2020, 07:40 Jason Schultz <jetson23 at hotmail.com> wrote:

>
> Thank you for your response Thulasi, this helped. I'm posting this back to
> the OpenSSL users list in case it helps anyone else, and in case anyone can
> help with my additional questions. While waiting for responses, I've been
> able to find out how my certificate and keys were generated. I'd like to
> walk through that to hopefully verify I'm handling things correctly.
>
> First, here is how my EC parameters file was generated:
>
> openssl ecparam -name prime256v1 -genkey -out myecparamsfile.pem
>
> And the resulting file:
>
> M640A-SAIL:/etc/ssl # openssl ecparam -in myecparamsfile.pem -text
>
> ASN1 OID: prime256v1
>
> NIST CURVE: P-256
>
> -----BEGIN EC PARAMETERS-----
>
> BggqhkjOPQMBBw==
>
> -----END EC PARAMETERS-----
>
>  # openssl ecparam -in myecparamsfile.pem -text
>
> ASN1 OID: prime256v1
>
> NIST CURVE: P-256
>
> -----BEGIN EC PARAMETERS-----
>
> BggqhkjOPQMBBw==
>
> -----END EC PARAMETERS-----
>
> Is this good so far? Do I need the -genkey?
>
> Then I take this file and use it when I generate my certificate and
> private key pair, here is the openssl command I used:
>
> openssl req -nodes -sha256 -newkey ec:/etc/ssl/private/myecparamsfile.pem
> -keyout mykeyout.pem -new -out mycertfileout.pem -config
> /etc/ssl/openssl.cnf -x509 -days 365 -outform pem
> Generating a EC private key
> writing new private key to 'mykeyout.pem'
> <parameter input snipped>
>
> And the resulting key:
>
> # cat mykeyout.pem
> -----BEGIN PRIVATE KEY-----
> MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgbfUwVhomun9Q5IAY
> xTOAn+sDoXZ+k4UWkvUyfshPBJ6hRANCAAQsakFVUTV4JmfVJH31XOvHVhhBodnV
> 8evYCJSd2Jgo4uOomCSh3oekKL+Tia+LOmynygfvmneOX2YadoNr9uzH
> -----END PRIVATE KEY-----
>
> # openssl ec -noout -text -in mykeyout.pem
> read EC key
> Private-Key: (256 bit)
> priv:
>     6d:f5:30:56:1a:26:ba:7f:50:e4:80:18:c5:33:80:
>     9f:eb:03:a1:76:7e:93:85:16:92:f5:32:7e:c8:4f:
>     04:9e
> pub:
>     04:2c:6a:41:55:51:35:78:26:67:d5:24:7d:f5:5c:
>     eb:c7:56:18:41:a1:d9:d5:f1:eb:d8:08:94:9d:d8:
>     98:28:e2:e3:a8:98:24:a1:de:87:a4:28:bf:93:89:
>     af:8b:3a:6c:a7:ca:07:ef:9a:77:8e:5f:66:1a:76:
>     83:6b:f6:ec:c7
> ASN1 OID: prime256v1
> NIST CURVE: P-256
>
> And certificate:
>
> M740A-PMM1:/etc/ssl # openssl x509 -text -in mycertfileout.pem
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             e2:2f:c6:e4:bf:f1:de:20
>     Signature Algorithm: ecdsa-with-SHA256
>         Issuer: C=US, ST=NY, L=Loc, O=Org, OU=test, CN=My
> Name/emailAddress=test at example.com
>         Validity
>             Not Before: Feb 13 16:11:39 2020 GMT
>             Not After : Feb 12 16:11:39 2021 GMT
>         Subject: C=US, ST=NY, L=Loc, O=Org, OU=test, CN=My
> Name/emailAddress=test at example.com
>         Subject Public Key Info:
>             Public Key Algorithm: id-ecPublicKey
>                 Public-Key: (256 bit)
>                 pub:
>                     04:2c:6a:41:55:51:35:78:26:67:d5:24:7d:f5:5c:
>                     eb:c7:56:18:41:a1:d9:d5:f1:eb:d8:08:94:9d:d8:
>                     98:28:e2:e3:a8:98:24:a1:de:87:a4:28:bf:93:89:
>                     af:8b:3a:6c:a7:ca:07:ef:9a:77:8e:5f:66:1a:76:
>                     83:6b:f6:ec:c7
>                 ASN1 OID: prime256v1
>                 NIST CURVE: P-256
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 D6:8A:F3:3B:4E:A1:F8:F8:34:C1:1B:7A:EC:BF:9B:58:7F:68:4A:D9
>             X509v3 Authority Key Identifier:
>
> keyid:D6:8A:F3:3B:4E:A1:F8:F8:34:C1:1B:7A:EC:BF:9B:58:7F:68:4A:D9
>
>             X509v3 Basic Constraints:
>                 CA:TRUE
>     Signature Algorithm: ecdsa-with-SHA256
>          30:44:02:20:37:f0:f7:f7:4a:b4:8e:8f:64:72:e4:d1:31:9f:
>          a1:36:c5:5d:f3:42:4c:24:37:75:cf:b6:55:b0:66:1b:6e:63:
>          02:20:39:18:81:f8:6c:86:3a:57:74:05:cc:99:6c:d9:dc:6a:
>          a2:20:98:4c:66:a1:97:d1:c7:ea:42:b4:01:1a:f7:b2
>
> Then I call the APIs as described in my first email to use them:
>
> ctx = SSL_CTX_new(TLS_method());
>
> status = SSL_CTX_use_PrivateKey_file(ctx,<keyfile>,SSL_FILETYPE_PEM);
> status = SSL_CTX_use_certificate_file(ctx, ,<certfile>,SSL_FILETYPE_PEM);
>
>
> // Verify the cert and key are a pair
> status = SSL_CTX_check_private_key(ctx);
>
>
> Then call the APIs to set the curves and allow the server to pick the
> appropriate curve for the client:
>
> status = SSL_CTX_set1_curves_list(ctx, "P-521:P-384:P-256");
> status = SSL_CTX_set_ecdh_auto(ctx, 1);
>
>
> That should be it, right? The EC parameters file has been used to generate
> the private key, it does not need to be read in by an API call.
>
> With the steps above, I get a successful TLS connection from a client
> using ECDHE-ECDSA-AES256-GCM-SHA384.
>
> And yes, I think my main confusion was on what to do with the DH
> parameters file. I thought using ECDHE key exchange was similar to DSA with
> DH. With ECDHE, I don't need to read in a parameters file at all.
>
> If there's anything wrong above, please let me know, otherwise, thanks for
> all the help!
>
>
> ------------------------------
> *From:* Thulasi Goriparthi <thulasi.goriparthi at gmail.com>
> *Sent:* Wednesday, February 12, 2020 8:29 AM
> *To:* jetson23 at hotmail.com <jetson23 at hotmail.com>
> *Cc:* rsalz at akamai.com <rsalz at akamai.com>
> *Subject:* Re: Questions about using Elliptic Curve ciphers in OpenSSL
>
> To clarify further, EC keys can be generated from either explicit (group)
> parameters or named curves which are standardized numbers to specific group
> parameters.
>
> Explicit/Custom EC parameters are not recommended/convenient/usual. Your
> key contains parameters in the form of a named curve (p-256).
>
> You are probably getting confused between dhparam used to generate
> ephemeral keys for DHE based key exchange and EC curve selection for ECDHE
> based key exchange.
>
> Curve selection for ECDHE will be done from the list of curves offered by
> the client and can be different from the curve used in the server's
> certificate(ECDSA).
>
> Thanks,
> Thulasi.
>
>
> On Tue, 11 Feb, 2020, 23:24 Salz, Rich via openssl-users, <
> openssl-users at openssl.org> wrote:
>
> I believe you just load your ECDSA cert and the other stuff – Dhparams!! –
> is not needed.
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200216/a4d48ac1/attachment.html>

More information about the openssl-users mailing list