openssl 3.0.0 get ECC public key modulus from EVP_PKEY

Matt Caswell matt at
Wed Oct 13 16:06:21 UTC 2021

On 12/10/2021 23:37, Ken Goldman wrote:
> In pre-3.0.0, I used this, omitting the error checking, malloc, ...
>     ecPoint = EC_KEY_get0_public_key(ecKey);
>     ecGroup = EC_KEY_get0_group(ecKey);
>     EC_POINT_point2oct(ecGroup, ecPoint,
>                *modulusBin, *modulusBytes, NULL);
> In 3.0.0, I tried this, expecting to get a BIGNUM and then convert
>         irc = EVP_PKEY_get_bn_param(eccKey, OSSL_PKEY_PARAM_PUB_KEY, 
> (BIGNUM **)pub);
> It returns 0.
> What's the correct way to get the uncompressed ECC public key?
Refer to this man page:

For an EC key, the public key parameter is:

"pub" (OSSL_PKEY_PARAM_PUB_KEY) <octet string>
The public key value in EC point format.

You will note that this is an octet string and not an integer which is 
why EVP_PKEY_get_bn_param is failing.

Alternatively you could get the x and y components of the public key 
separately using:

"qx" (OSSL_PKEY_PARAM_EC_PUB_X) <unsigned integer>
Used for getting the EC public key X component.

"qy" (OSSL_PKEY_PARAM_EC_PUB_Y) <unsigned integer>
Used for getting the EC public key Y component.

In this case EVP_PKEY_get_bn_param would be appropriate.


More information about the openssl-users mailing list