Password protect EC private key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am following: https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html

But modifying it to produce ECDSA certs. So the first step is to make the private key. Jamie says:

openssl genrsa -aes256 -out private/ca.key.pem 4096

The -aes256 option supposedly password protects this private key. So after some googling I created:

openssl ecparam -name secp256k1 -genkey -noout -out private/ca.key.pem

But openssl ecparam does not have any option equivalent (that I can find) to -aes256

What am I missing.

And I successfully generated the root CA ECDSA cert with:

openssl req -config openssl.cnf -key private/ca.key.pem \
-new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem

The config file is the one Jamie provides on his pages.

Also the following:

openssl ecparam -in private/ca.key.pem -text -noout

Gives me an error:

unable to load elliptic curve parameters
140598030526328:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: EC PARAMETERS

Is this because I created the private key without including the parameters? I got my ECDSA tips from:

https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations

Meanwhile on to the sub-CA cert.

thanks

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux