如何使用OpenSSL命令行创建ECDSA证书 [英] How do I create an ECDSA certificate with the OpenSSL command-line
问题描述
我正在用C ++构建服务器应用程序,该应用程序需要接受包含ECDSA公钥的证书。它必须验证证书,并在验证时使用证书中包含的公钥来验证与证书一起发送的消息。
I'm building a server app in C++ that needs to accept a certificate containing an ECDSA public key. It must validate the certificate and, upon verification, use the public key contained in the certificate to authenticate a message sent along with the certificate.
我使用即时生成的ECDSA密钥对来完成所有工作-即我的代码运行良好-但现在我需要做证书。
I have all this working using ECDSA keypairs generated on the fly - i.e. my code is working nicely - but now I need to do the certificate piece.
我想我可以使用OpenSSL的命令行来创建安装在客户端上的证书(以及ECDSA私钥在单独的文件中)。
And I figured I could use OpenSSL's command-line to create the certificate which is installed on the client (along with the ECDSA private key in a separate file).
有人可以帮忙吗?
推荐答案
如果您尚未选择曲线,您可以使用以下命令列出它们:
If you haven't chosen a curve, you can list them with this command:
openssl ecparam -list_curves
在此示例中,我选择了 secp256r1
。如果还没有,请使用此命令生成EC私钥:
I picked secp256r1
for this example. Use this to generate an EC private key if you don't have one already:
openssl ecparam -out ec_key.pem -name secp256r1 -genkey
然后生成证书。您的证书将位于 cert.pem
中。
And then generate the certificate. Your certificate will be in cert.pem
.
openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem
另请参见:< a href = http://www.openssl.org/docs/apps/req.html rel = noreferrer>要求, ecparam
这篇关于如何使用OpenSSL命令行创建ECDSA证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!