openssl 3.0.0 get ECC public key modulus from EVP_PKEY

Matt Caswell matt at
Thu Oct 14 10:39:06 UTC 2021

On 13/10/2021 21:12, Ken Goldman wrote:
> I tried
>          irc = EVP_PKEY_get_octet_string_param(eccKey, 
>                            *priv, 256, (size_t *)privLen);
> which failed.

In your original email you were attempting to access 
OSSL_PKEY_PARAM_PUB_KEY as a BIGNUM which (correctly) failed because it 
is an octet string. Now you are trying to access 
OSSL_PKEY_PARAM_PRIV_KEY as an octet string which is (correctly) going 
to fail because it is an integer. From the same man page I previously 

"priv" (OSSL_PKEY_PARAM_PRIV_KEY) <unsigned integer>

The private key value.

Since its an integer using EVP_PKEY_get_bn_param() would be appropriate 
here, but not EVP_PKEY_get_octet_string_param().

Basically you need to know the type of the parameter you are attempting 
to access and use the right kind of "getter" to match the type - 
otherwise it will fail.


More information about the openssl-users mailing list