从 OpenSSL 命令行生成 EC 密钥对 [英] Generate EC KeyPair from OpenSSL command line

问题描述

我希望能够在命令行中使用 openssl 生成密钥对私钥和公钥，但我不知道具体该怎么做.到目前为止我所做的是执行以下命令行，但这只会打印出我不知道它到底是什么的这个:s

I would like to be able to generate a key pair private and public key in command line with openssl, but I don't know exactly how to do it. What I have done so far was to do the following command line but this only prints me this which I don't know exactly what it is:s

FROM OPENSSL PAGE:使用显式参数创建 EC 参数:

FROM OPENSSL PAGE: To create EC parameters with explicit parameters:

openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit

-----BEGIN EC PARAMETERS-----
MIHHAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wSwQY
/////////////////////v/////////8BBhkIQUZ5ZyA5w+n6atyJDBJ/rje7MFG
ubEDFQAwRa5vyEIvZO1XlSjTgSDq4SGW1QQxBBiNqA6wMJD2fL8g60OhiAD0/wr9
gv8QEgcZK5X/yNp4YxAR7WskzdVz+XehHnlIEQIZAP///////////////5ne+DYU
a8mxtNIoMQIBAQ==
-----END EC PARAMETERS-----

谁能告诉我如何得到这样的东西:

can some one tell me how to get something like this:

//-----------------Generated Key Pair----------------------------------//
char privkey[]=
    "-----BEGIN EC PARAMETERS-----
"
    "BgUrgQQACQ==
"
    "-----END EC PARAMETERS-----
"
    "-----BEGIN EC PRIVATE KEY-----
"
    "MFACAQEEFI9sfpfTk0YlZx8JaCZnLsy4T6HYoAcGBSuBBAAJoSwDKgAEIlzYflxD
"
    "0396M0i6dGfSY3khTU7kiNyEv/B1EoyGmqvH7tjhSmpP1A==
"
    "-----END EC PRIVATE KEY-----
";
char pubkey[] =
    "-----BEGIN PUBLIC KEY-----
"
    "MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEIlzYflxD0396M0i6dGfSY3khTU7kiNyE
"
    "v/B1EoyGmqvH7tjhSmpP1A==
"
    "-----END PUBLIC KEY-----
";
//---------------------------------------------------------------------//

我从网上的一个代码中得到这个，它使用这个密钥对来使用 ECDSA 签署消息，但现在我希望能够生成我自己的密钥对(从 openssl 命令行)并在代码中使用它，比如这个，为我更改这个密钥对.

I got this from a code I got online which uses this key pair to sign messages with ECDSA, but now I would like to be able to generate my own key pair(from openssl command line) and use it in the code like this, to change this key pair for mine.

就我而言，我想使用 NIST P225，即prime256v1".

In my case I would like to use NIST P225 which is "prime256v1".

有人可以帮我吗?

谢谢，最好的问候

推荐答案

私钥

假设一个 UX 平台，例如 OS X 或 Linux.测试时也省略 $.生成私有 ECDSA 密钥:

Assuming an UX platform such as OS X or Linux. Also omit the $ when testing. Generate a private ECDSA key:

 $ openssl ecparam -name prime256v1 -genkey -noout -out private.ec.key

使用密码短语转换和加密私钥:

Convert and encrypt the private key with a pass phrase:

 $ openssl pkcs8 -topk8 -in private.ec.key -out private.pem

只要您记住密码短语，您现在就可以安全地删除 private.ec.key.

You can now securely delete private.ec.key as long as you remember the pass phrase.

公钥

生成公共 ECDSA 密钥:

Generate public ECDSA key:

 $ openssl ec -in private.pem -pubout -out public.pem

测试

制作一个小文本文件进行测试:

Make a small text file for testing:

 $ touch msg.txt | echo "hello world" > msg.txt

制作哈希摘要:

 $ openssl dgst -sha256 -out msg.digest.txt msg.txt

从摘要中制作一个签名文件:

Make a signature file out of the digest:

 $ openssl dgst -sha256 -sign private.pem -out msg.signature.txt msg.digest.txt

验证签名:

 $ openssl dgst -sha256 -verify public.pem -signature msg.signature.txt msg.digest.txt

此外，您可能希望在邮寄之前将签名编码为 base64，然后在收到签名之前将其解码到 bin 中.

Additionally you may want to encode the signature to base64 before mailing it, and then decode it to bin before verifying after you receive it.

这是你的做法:

编码:

 $ openssl base64 -in msg.signature.txt -out msg.base64.sig.txt

解码:

 $ openssl base64 -d -in msg.base64.sig.txt -out msg.signature.txt

这篇关于从 OpenSSL 命令行生成 EC 密钥对的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！