First, Stephen and Viktor - thank you! On 3/17/16, 19:45 , "openssl-users on behalf of Dr. Stephen Henson" <openssl-users-bounces at openssl.org on behalf of steve at openssl.org> wrote: >On Thu, Mar 17, 2016, Viktor Dukhovni wrote: >> >>Well you can work with >>http://openssl.org/docs/manmaster/crypto/EC_KEY_key2buf.html >> to extract EC public key octets. > >That's only available in the master branch, only encodes the key value >and not >its parameters and of course it only works for EC. Got it. I?ll not use it, as it?s too specific. >>If you want an ASN.1 encoded "SPKI" object (i.e. an >> X509_PUBKEY in OpenSSL) then you can use... Yes, that?s PRECISELY what I want, thank you! >>A shorter version of the above is possible via i2d_PUBKEY() which >> handles the creation, encoding and destruction of the intermediate >> X509_PUBKEY: . . . >That's the preferred route as it uses the standard SubjectPublicKeyInfo >format and works with any supported public key type. Thank you! The main disadvantage of the shorter version is that it does not provide me with the length of the buffer it created. So for now I?ll use the longer one - unless I?m missing something very obvious, and there?s a trivial way to correctly tell the size of the returned buffer. Along the same line - I am trying to generate ECDH key pair that would be on the same curve that the keys on my hardware token. The tokens I?m dealing with can have keys on either P-256 or P-384 curve. My problem: I seem unable to figure out what curve the token keys belong to. Here?s how the public key gets loaded: pubkey = ENGINE_load_public_key(*e, "id_03", NULL, NULL); if (pubkey == NULL) { fprintf(stderr, "wrap: failed to retrieve pubkey id_03\n"); ERR_print_errors_fp(stderr); goto end; } *bitsize = EVP_PKEY_size(pubkey); printf("wrap: ECC pubkey size is %1lu\n", *bitsize); The problem with the above code is that it (apparently) gives me the size of the EVP_PKEY object, while I mean to ask a different question. How do I determine what curve the above key is on? Thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160318/48fab9f4/attachment.bin>
