On 13/01/17 14:32, Ken Goldman wrote: > Thanks, getting closer ... > > On 1/12/2017 5:47 PM, Viktor Dukhovni wrote: >>> My latest attempt is this. It gives me a usage error. Any hints? >>> >>> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr >>> aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text >> >> The "aes-256-cbc" argument is wrong. Try "-aes256". > > BTW, I got aes-256-cbc from > > https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations > > and > openssl list-cipher-commands > >> >> Also, take a look at test/certs/mkcert.sh: > > I looked at that, but what is $bits? > > I got prime256v1, the curve I want, from > > openssl ecparam -list_curves > > My next tries: > > openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256 > -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text Try it with a "-" in front of "pkeyopt"!!! Matt > > openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256 > -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt > ec_param_enc:named_curve -text > > openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256 > -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt > ec_param_enc:explicit -text > > I get: > > Error generating key > 140529942484808:error:100C708B:elliptic curve routines:PKEY_EC_KEYGEN:no > parameters set:ec_pmeth.c:294: > > It's probably this LOC, but what am I missing? > > if (ctx->pkey == NULL && dctx->gen_group == NULL) { > ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET); > return 0; > } > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
