Openssl Generate Ecc Public Key
Openssl Generate Ecc Public Key 5,0/5 982 reviews

How to generate RSA and EC keys with OpenSSL. How to generate keys in PEM format using the OpenSSL command line tools? The JOSE standard recommends a minimum RSA key size of 2048 bits. To generate a 2048-bit RSA private + public key pair for use in RSxxx and PSxxx signatures: openssl genrsa 2048 -out rsa-2048bit-key-pair.pem Elliptic. OpenSSL provides two command line tools for working with keys suitable for Elliptic Curve (EC) algorithms: openssl ecparam openssl ec The only Elliptic Curve algorithms that OpenSSL currently supports are Elliptic Curve Diffie Hellman (ECDH) for key agreement and Elliptic Curve Digital Signature Algorithm (ECDSA) for signing/verifying.

These instructions are suitable for OpenSSL 0.98 and higher.

Preamble

ECC certificates can have compatibility issues with servers and browsers (see Technical limitation of ECC certificates). Before placing an order for such a certificate, you should test them. To do so, use our Generator of self-signed certificate. Select ECC option and get your certificate in a matter of minutes!

Key

In order to gain some time, you can now generate your command line with our CSR creation assistant tool. Just copy/paste to finalize!

1- Generate the private key

  • Connect under root and access the setup directory of your Apache server.
    It is often:
  • We'll place our working files here but you can choose an other repertory.
  • Choose a file's name that fits you and generate the key with the following command:
  • If you want this key to be protected by a password (that will be requested any time you'll restart Apache):

Make a backup copy of the .key file!

  • Protect your file with:

2- Create your certificate request (CSR)

  • Use this command to generate the CSR:
  • The system will then ask you to fill in fields. To do so respect instructions of the page Obtain a server certificate
    Country Name (2 letter code) []: (FR in France for example)
    State or Province Name (full name) [Some-State]: (your state or province name, name of your département in France)
    Locality Name (eg, city) []: (the name of your city)
    Organization Name (eg, company) []: (your organization name)
    Organizational Unit Name (eg, section) []: (do not fill - advised - or enter a generic term such as 'IT Department'.)
    Common Name (eg, YOUR name) []: (the name of the website to be secured)
    Email Address []: (let blank)
  • Do not fill in fields such as: 'A challenge password' or 'An optional company name'

3- Finalize the order process

  • Use the appropriate link to place your order on our website. See Access an order form.
  • Copy/paste the content of the www.example.com.csr file in the form. The system will automatically detect the format of the CSR to issue an ECC certificate.

Useful links

  • Generate your command line with our CSR creation assistant tool.
Last edited on 07/05/2017 08:23:21 --- [search]
© TBS INTERNET, all rights reserved. All reproduction, copy or mirroring prohibited. Legal notice. -- Powered by anwiki

The OpenSSL EC library provides support for Elliptic Curve Cryptography (ECC). It is the basis for the OpenSSL implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie-Hellman (ECDH).

Note: This page provides an overview of what ECC is, as well as a description of the low-level OpenSSL API for working with Elliptic Curves. If all you need is support for normal ECDSA and ECDH operations then you should normally use the high-level EVP API. Refer to EVP Signing and Verifying for how to perform digital signature operations (including using ECDSA), EVP Key Derivation for how to derive shared secrets using Diffie-Hellman and Elliptic Curve Diffie-Hellman, and EVP Key and Parameter Generation for details of how to create EC Keys.

Why use Elliptic Curves?[edit]

The primary advantage of using Elliptic Curve based cryptography is reduced key size and hence speed. Elliptic curve based algorithms use significantly smaller key sizes than their non elliptic curve equivalents. The difference in equivalent key sizes increases dramatically as the key sizes increase. The approximate equivalence in security strength for symmetric algorithms compared to standard asymmetric algorithms and elliptic curve algorithms is shown in the table below.

Symmetric Key Length Standard asymmetric Key Length Elliptic Curve Key Length
80 1024 160
112 2048 224
128 3072 256
192 7680 384
256 15360 512

As can be seen, to get equivalent strength to a 256 bit symmetric key, a standard asymmetric algorithm would have to use an enormous key of 15360 bits. Keys of this size are typically not practical due to the amount of processing power that would be required, and therefore the speed of the operations. However, with elliptic curve algorithms, the equivalent key length is 512 bits, which is entirely practical.

What is an Elliptic Curve?[edit]

First of all some terminology. We need to define what is meant by a field. In essence a field is a set of elements with operations defined for the elements of that set that equate to something like addition, substraction, multiplication and division. The elements could be numbers, or they could be something else entirely. In order to be a field the following conditions also have to be met:

Openssl Generate Ecc Public Key Largo

  • Both addition and multiplicaiton are closed over the set, so for example if a and b are in the set then so are a + b and a * b
  • Addition and multiplication must be associative: so a + (b + c) = (a + b) + c and similarly for multiplication
  • Addition and multiplication must be commutative: so a + b = b + a and similarly for multiplication
  • Both addition and multiplication must have identity elements. So, for example 0 and 1 where: a + 0 = a, and a * 1 = a
  • There must be additive and multiplicative inverses for all elements in the set. So, for example, for every element a in the set there is also a -a so that a + (-a) = 0 (where 0 is the identity element for addition). Similarly for multiplication.
  • Multiplication distributes over addition. So if a, b and c are in the set then a * (b + c) = (a * b) + (a * c)

A finite field is simply a field where the set has a finite number of elements. So, for example, the set of all integers could not be used as the basis for a finite field because there are an infinite number of them. However the set of integers from 0 to 100 could form the basis of a finite field.

So now we can define what an Elliptic Curve is. In general an Elliptic Curve is one of the form:y² = x³ + ax + b, where x, y, a and b are elements of some Field

In Elliptic Curve Cryptography we further restrict this such that x, y, a and b are elements of a finite field.

Contrary to its name Elliptic Curves do not form an ellipse!

Ok, so far so good - but now it gets a bit more complicated! As well as the points on our curve we add an additional 'special' point known as infinity. Using this set of points (i.e. all the points on the curve and infinity), we can define some operations on this set, which we call Point Addition and Point Multiplication.

Points on a curve are given in terms of their x and y co-ordinates, (x, y). Point Addition is essentially an operation which takes any two given points on a curve and yields a third point which is also on the curve. The maths behind this gets a bit complicated but think of it in these terms. Plot two points on an elliptic curve. Now draw a straight line which goes through both points. That line will intersect the curve at some third point. That third point is the result of the addition operation. Point Doubling is similar and can be thought of as adding a point to itself. Imagine a point on the curve and draw a straight line which is a tangent to the curve at that point. The result of the Point Doubling operation is where that tangent line intersects the curve at some other point.

Point multiplication is the operation of taking a point on the curve and 'multiplying' it by some number. In practice this is achieved through repeated addition and doubling operations.

So with our set of points on a curve (plus the special point, infinity) we can start doing something useful. First of all we pick a point on the curve called the generator (we'll call it g).

Now:

  • 0g = infinity
  • 1g = g
  • 2g = g + g
  • 3g = g + g + g (or 2g + g)
  • and so on.
Generate

Remember g, 2g and 3g are all points on the curve, and + in this context means point addition as defined above. If you keep going in this way you will eventually come to some number (lets call it n), such that ng = infinity. The set of points generated by repeatedly adding g to itself, along with the Point Addition operation together form a mathematical structure known as a group.

If you are lucky then you may have chosen a curve and a g, such that continually adding g to itself will eventually visit all of the possible points on the curve - but often this is not the case. The number n as defined above, is called the order of g. For various complicated mathematical reasons it also turns out that the total number of points that exist on the curve is divisble by n. Dividing the total number of points by n gives you another number known as the cofactor.

The security of Elliptic Curve Cryptography comes from the fact that given some point on the curve kg, (where k is a number and g is the known generator point), it is difficult to work out what the value of k is. This is known as the discrete logarithm problem. In the Elliptic Curve Cryptography algorithms ECDH and ECDSA, the point kg would be a public key, and the number k would be the private key.

Types of Field[edit]

In principle there are many different types of field that could be used for the values x and y of a point (x, y). In practice however there are two primary ones used, and these are the two that are supported by the OpenSSL EC library.

The simplest is typically referred to as the prime field Fp where p is a prime number. In cryptographic applications p must be a very large prime number. The elements of the set are simply the numbers 0 through to p-1, and addition and multiplication over the field have the normal meaning for modular (or clock) arithmetic. So, if p=7 then the elements of the set are {0, 1, 2, 3, 4, 5, 6} and:

0 + 1 = 1

2 + 3 = 5

3 + 3 = 6

4 + 3 = 0

5 + 4 = 2

and so on.

The next common type of field is referred to as the binary field F2m. Elements of a binary field are typically represented as polynomials and not as numbers. So for example an element could be:

x4+x2+1

This can then be expressed as a binary number ({1 0 1 0 1} in this case), where each term represents one bit in the binary representation. Addition of such polynomials is done as normal but with the result of each term reduced modulo 2. So for example:

(x2 + 1) + (x2 + x) = 2x2 + x + 1

Each term is then reduced modulo 2 to give an answer 0x2 + x +1 = x + 1

In binary representation this sum could be expressed as follows:

{1 0 1} + {1 1 0} = {0 1 1}

Note then that addition is just a simple XOR operation.

Multiplication in the binary field is done respective to an irreducible polynomial. Multiplication of polynomials is done in the normal way and the result is then divided by the irreducible polynomial. The remainder is the result of the multiplication. See Finite Field Arithmetic, for a discussion of binary field arithmetic.

Defining Curves[edit]

The parameters necessary for performing cryptographic operations for ECDH and ECDSA are simply the parameters required to set up the curve. Namely, the type of field e.g. prime (Fp) or binary (F2m), the value p for a prime field, the irreducible polynomial for a binary field, the values a and b from the curve equation, the generator point (g), the order, and the cofactor.

Fortunately, unless you are defining a new curve (not recommended unless you know what you are doing), or you are using an unusual curve that OpenSSL does not have support for, you can usually utilise one of the named curves that are built-in to OpenSSL. These are a set of well known and widely used curves. The complete collection of curve parameters can be set in one go simply by selecting the appropriate named curve using EC_GROUP_new_by_curve_name.

If a custom curve needs to be created, then it can be done as follows. This example code creates the same curve as the code above, but creates it 'manually'. In this example a prime field is being used, and the prime number is provided in the variable p. If a binary field was being created instead then a bit string representing the irreducible polynomial would have been provided in the p variable. For further information on the low level EC functions being used refer to the EC manual pages:

Working with Keys[edit]

Keys for ECDH and ECDSA are represented using an EC_KEY structure in the low level EC API. If you are using the preferred high-level EVP API then this EC_KEY structure will be wrapped in an EVP_PKEY object.

Creating a new EC_KEY is a process of creating a curve as described above, creating a new EC_KEY object, and then setting the key to use the curve using the EC_KEY_set_group function. Alternatively, the creation of the curve and the key can be done in one step as shown below using EC_KEY_new_by_curve_name:

At this point the EC_KEY object has been set up and associated with the curve - but it is empty. There is no key data in it. In order to generate new keys for use with the EVP interface see EVP Key and Parameter Generation. To generate them using the low level API this can be done as follows:

Note that this operation generates a public and private key pair. Alternatively you may already know either the private key, the public key, or both. Setting the private key and/or public key is done as follows:

If you set the private key then you must also set the public key. There have been occasional questions on the openssl-users email list from people who only have the private key but do not know the public key. Fortunately calculating the public key is simply a matter of multiplying the private key by the generator for the curve using EC_POINT_mul:

Finally, it is possible to convert a low-level EC_KEY object into an EVP_PKEY object using the EVP_PKEY_set1_EC_KEY function described in the manual here: Manual:EVP_PKEY_set1_RSA(3)

Named Curves[edit]

If you want to save a key and later load it with SSL_CTX_use_PrivateKey_file, then you must set the OPENSSL_EC_NAMED_CURVE flag on the key. You do that by calling EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE). Failure to do so will result in a SSL error of 0x1408a0c1 (no shared cipher) at the server.

As an example, the following creates a elliptic curve key and saves it using a named curve rather than an expanded list of group paramters:

If you want to detect the flags after reading a key or certificate from disk, then use the following code:

The certificates below were dumped with openssl x509 -in server-ecdsa-cert.pem -text -noout. The certificate on the left was created with a key using OPENSSL_EC_NAMED_CURVE, while the certificate on the right was not. Notice the certificate on the left includes ASN1 OID: prime256v1. The certificate on the left can be used with SSL server using ECDSA, but the certificate on the right cannot because it will result in 0x1408a0c1 at the server.

Figure 1: Key with OPENSSL_EC_NAMED_CURVE
Figure 2: Key without OPENSSL_EC_NAMED_CURVE

If you use a key or certificate without without the OPENSSL_EC_NAMED_CURVE flag (i.e., one that looks like the image on the right), then the SSL connection will fail with the following symptoms:

Note that OpenSSL's X509_verify, X509_verify_cert, SSL_CTX_check_private_key, SSL_CTX_use_PrivateKey_file, and SSL_CTX_use_certificate_chain_file will not return a failure when using a key or certificate in the wrong format.

Openssl Create Private Key

See also[edit]

Openssl Generate Ecc Public Key West

Retrieved from 'https://wiki.openssl.org/index.php?title=Elliptic_Curve_Cryptography&oldid=2812'