On Fri, Jan 13, 2017 at 09:32:01AM -0500, Ken Goldman wrote: > > The "aes-256-cbc" argument is wrong. Try "-aes256". > > BTW, I got aes-256-cbc from > > https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations > > and > openssl list-cipher-commands When cipher names are used as options, they need a leading "-". > > Also, take a look at test/certs/mkcert.sh: > > I looked at that, but what is $bits? The curve name. > openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256 > -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text You're sure fond of leaving off the leading "-" in option names. You'll also really want the "ec_param_enc" option when you get the rest of the syntax right. > openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256 > -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt > ec_param_enc:named_curve -text So this one is much closer, but now has two missing "-"s in "pkeyopt". -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
