My overall goal is to create an X509 certificate for an ECC public key.
I am starting with the X and Y points. The curve is NIST_P256.
Here's the basic code. Am I close?
- EC_KEY ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)
- convert x and y from bin to bignum
- EC_KEY_set_public_key_affine_coordinates(ecKey, x, y)
- EVP_PUBKEY evpPubkey = EVP_PKEY_new()
- EVP_PKEY_set1_EC_KEY(evpPubkey, ecKey);
- X509_set_pubkey(x509Certificate, evpPubkey);
I'm getting far more information that I suspect I need. See the two
dumps below.
My result looks like this:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:e7:de:55:b0:09:2f:0a:83:0a:c9:fc:f0:82:d7:
97:e0:4e:02:7d:75:08:44:74:3e:5f:b6:b3:29:3d:
ad:69:b3:f4:c5:3d:65:ed:94:23:89:37:5c:d5:e5:
4c:0b:77:d4:55:f6:3c:83:24:27:fb:cb:21:dc:66:
df:11:5d:ac:65
Field Type: prime-field
Prime:
00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff
A:
00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:fc
B:
5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
60:4b
Generator (uncompressed):
04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
68:37:bf:51:f5
Order:
00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
63:25:51
Cofactor: 1 (0x1)
Seed:
c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
b7:81:9f:7e:90
while other certificates I see look like this:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:b2:72:2e:90:17:f8:19:2e:20:bb:cd:ee:fd:0a:
c5:f8:79:9f:33:e2:e3:04:f5:54:2c:39:7d:bb:b7:
7d:d5:b4:51:38:02:df:f1:14:44:81:9f:1e:1d:e1:
df:0e:4d:94:c8:15:26:5d:2a:96:9f:c2:dc:f0:c1:
3c:78:c1:1d:eb
ASN1 OID: prime256v1
NIST CURVE: P-256
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users