RE: “EC PUBLIC KEY”

Michael Wojcik Michael.Wojcik at microfocus.com
Wed Nov 17 21:49:11 UTC 2021


> From: Michael Wojcik
> Sent: Wednesday, 17 November, 2021 14:22
> To: openssl-users at openssl.org
> Subject: RE: “EC PUBLIC KEY”
> 
> > From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Billy Brumley
> > Sent: Wednesday, 17 November, 2021 12:40
> > To: openssl-users at openssl.org
> > Subject: Re: “EC PUBLIC KEY”
> >
> > That's an ed25519 key. Not an ECC key. They are different formats, at
> > both the OID and asn1 structure levels.
> 
> Oh, of course you're right. Apologies.

Further on this, I'd like to know where the OP got a file with a "BEGIN EC PUBLIC KEY" header. Various discussions elsewhere (including one from this list in 2017) cast doubt on the existence of any such beast.

The PEM header "BEGIN EC PRIVATE KEY" is used by the OpenSSL "traditional" format for EC private keys. EC private keys in PKCS#8 format (in PEM format) use "BEGIN PRIVATE KEY" because PKCS#8 includes metadata about the key type.

Public keys all use "BEGIN PUBLIC KEY" (in PEM format) because, if I understand correctly, they're all in SPKI (SubjectPublicKeyInfo) format, as specified in RFC 5280 (PKIX Certificate and CRL Profile); and SPKI also includes key-type metadata.

If someone does have a file with a "BEGIN EC PUBLIC KEY" PEM header, it would be interesting to see it, or at least the output from openssl asn1parse, and to know where it came from.

Or I could be wrong about all of this once again. Live and learn.

-- 
Michael Wojcik
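
An added example (not part of the original message and not OpenSSL code): a small Python reader that reports the PEM label and, separately, the algorithm OID inside the SubjectPublicKeyInfo structure, which is the key-type metadata the message refers to. The function names are this example's own, and the two sample keys are constructed from the standard SPKI prefixes followed by placeholder all-zero key bytes.

```python
import base64
import re
# OIDs for the two key types named in the thread (RFC 5480 and RFC 8410).
KNOWN_OIDS = {"1.2.840.10045.2.1": "id-ecPublicKey", "1.3.101.112": "id-Ed25519"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def describe_public_key(pem_text):
    """Return (PEM label, algorithm name or dotted OID) for an SPKI key."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, der = m.group(1), base64.b64decode("".join(m.group(2).split()))
    _, spki, _ = read_tlv(der, 0)    # outer SubjectPublicKeyInfo SEQUENCE
    _, alg, _ = read_tlv(spki, 0)    # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(alg, 0)   # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("not a SubjectPublicKeyInfo structure")
    name = decode_oid(oid)
    return label, KNOWN_OIDS.get(name, name)

def to_pem(der, label="PUBLIC KEY"):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed samples: SPKI headers plus placeholder key bytes (not valid keys).
ED25519_DER = bytes.fromhex("302a300506032b6570032100") + bytes(32)
EC_P256_DER = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d03010703420004") + bytes(64)
```

Because the label and the OID are read independently, `describe_public_key(to_pem(ED25519_DER, "EC PUBLIC KEY"))` returns the label as written together with `id-Ed25519`.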

