RE: “EC PUBLIC KEY”
Michael.Wojcik at microfocus.com
Wed Nov 17 17:22:17 UTC 2021
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of
> Felipe Gasper
> Sent: Wednesday, 17 November, 2021 09:12
> To: openssl-users at openssl.org
> Subject: “EC PUBLIC KEY”
> Does OpenSSL intend to handle EC public keys that in PEM begin
> “BEGIN EC PUBLIC KEY”?
> I can’t find a way to output this format and am not sure if it’s
> actually defined anywhere, but it seems like a logical analogue to the
> default/legacy RSA public key format.
With 1.1.1i (which is the version of the openssl command-line utility that I happen to have on my path at the moment):
# Generate a new Ed25519 key pair:
$ openssl genpkey -algorithm ed25519 -out ed25519-key.pem
# Extract its public key:
$ openssl pkey -in ed25519-key.pem -pubout ed25519-key-public.pem
# Confirm the public key:
$ openssl pkey -pubin -in ed25519-key-public.pem
This uses the PEM header "BEGIN PUBLIC KEY", but it's an ECC public key in PEM format.
This version of OpenSSL doesn't recognize "BEGIN EC PUBLIC KEY", but it'd be trivial to script copying the key to a temporary file and editing the PEM header and footer.
More information about the openssl-users