Thanks, getting closer ...
On 1/12/2017 5:47 PM, Viktor Dukhovni wrote:
My latest attempt is this. It gives me a usage error. Any hints?
openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
The "aes-256-cbc" argument is wrong. Try "-aes256".
BTW, I got aes-256-cbc from
https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
and > openssl list-cipher-commands
Also, take a look at test/certs/mkcert.sh:
I looked at that, but what is $bits?
I got prime256v1, the curve I want, from
openssl ecparam -list_curves
My next tries:
openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
ec_param_enc:named_curve -text
openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
ec_param_enc:explicit -text
I get:
Error generating key
140529942484808:error:100C708B:elliptic curve routines:PKEY_EC_KEYGEN:no
parameters set:ec_pmeth.c:294:
It's probably this LOC, but what am I missing?
if (ctx->pkey == NULL && dctx->gen_group == NULL) {
ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
return 0;
}
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
