从OpenSSL命令行生成EC KeyPair [英] Generate EC KeyPair from OpenSSL command line
问题描述
我希望能够在命令行中使用openssl生成密钥对私钥和公钥,但是我不知道该怎么做。到目前为止,我所做的就是执行以下命令行,但这仅显示了我不知道确切的内容:s
I would like to be able to generate a key pair private and public key in command line with openssl, but I don't know exactly how to do it. What I have done so far was to do the following command line but this only prints me this which I don't know exactly what it is:s
从OPENSSL页面:要使用显式参数创建EC参数:
FROM OPENSSL PAGE: To create EC parameters with explicit parameters:
openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
-----BEGIN EC PARAMETERS-----
MIHHAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wSwQY
/////////////////////v/////////8BBhkIQUZ5ZyA5w+n6atyJDBJ/rje7MFG
ubEDFQAwRa5vyEIvZO1XlSjTgSDq4SGW1QQxBBiNqA6wMJD2fL8g60OhiAD0/wr9
gv8QEgcZK5X/yNp4YxAR7WskzdVz+XehHnlIEQIZAP///////////////5ne+DYU
a8mxtNIoMQIBAQ==
-----END EC PARAMETERS-----
有人可以告诉我如何得到这样的东西:
can some one tell me how to get something like this:
//-----------------Generated Key Pair----------------------------------//
char privkey[]=
"-----BEGIN EC PARAMETERS-----\n"
"BgUrgQQACQ==\n"
"-----END EC PARAMETERS-----\n"
"-----BEGIN EC PRIVATE KEY-----\n"
"MFACAQEEFI9sfpfTk0YlZx8JaCZnLsy4T6HYoAcGBSuBBAAJoSwDKgAEIlzYflxD\n"
"0396M0i6dGfSY3khTU7kiNyEv/B1EoyGmqvH7tjhSmpP1A==\n"
"-----END EC PRIVATE KEY-----\n";
char pubkey[] =
"-----BEGIN PUBLIC KEY-----\n"
"MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEIlzYflxD0396M0i6dGfSY3khTU7kiNyE\n"
"v/B1EoyGmqvH7tjhSmpP1A==\n"
"-----END PUBLIC KEY-----\n";
//---------------------------------------------------------------------//
我是从在线代码中获得的,该代码使用此密钥对与ECDSA签署消息,但是现在我希望能够生成自己的密钥对(从openssl命令行)并在其中使用
I got this from a code I got online which uses this key pair to sign messages with ECDSA, but now I would like to be able to generate my own key pair(from openssl command line) and use it in the code like this, to change this key pair for mine.
对于我来说,我想使用NIST P225,即 prime256v1。
In my case I would like to use NIST P225 which is "prime256v1".
有人可以帮我吗?
谢谢,最好的问候
推荐答案
私有密钥
假定使用OS X或Linux等UX平台。在测试时也忽略$。生成私有ECDSA密钥:
Assuming an UX platform such as OS X or Linux. Also omit the $ when testing. Generate a private ECDSA key:
$ openssl ecparam -name prime256v1 -genkey -noout -out private.ec.key
使用密码短语转换和加密私钥:
Convert and encrypt the private key with a pass phrase:
$ openssl pkcs8 -topk8 -in private.ec.key -out private.pem
现在,只要您记住密码,就可以安全地删除 private.ec.key 。
You can now securely delete private.ec.key as long as you remember the pass phrase.
公共密钥
生成公共ECDSA密钥:
Generate public ECDSA key:
$ openssl ec -in private.pem -pubout -out public.pem
测试
制作一个小的文本文件进行测试:
Make a small text file for testing:
$ touch msg.txt | echo "hello world" > msg.txt
进行哈希摘要:
$ openssl dgst -sha256 -out msg.digest.txt msg.txt
从摘要中提取签名文件:
Make a signature file out of the digest:
$ openssl dgst -sha256 -sign private.pem -out msg.signature.txt msg.digest.txt
验证签名:
$ openssl dgst -sha256 -verify public.pem -signature msg.signature.txt msg.digest.txt
另外,您可能希望在邮寄签名之前将签名编码为base64,然后将其解码为bin,然后在收到后进行验证。
Additionally you may want to encode the signature to base64 before mailing it, and then decode it to bin before verifying after you receive it.
这是您的操作方式:
编码:
$ openssl base64 -in msg.signature.txt -out msg.base64.sig.txt
解码:
$ openssl base64 -d -in msg.base64.sig.txt -out msg.signature.txt
这篇关于从OpenSSL命令行生成EC KeyPair的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
