On Thu, Aug 10, 2017 at 12:03:31PM -0400, Robert Moskowitz wrote: > openssl ecparam -name secp256k1 -genkey -noout -out private/ca.key.pem > > But openssl ecparam does not have any option equivalent (that I can find) to -aes256 Yes, this command does not currently support key encryption. > What am I missing. The command that does is: $ openssl genpkey -aes256 -algorithm ec \ -pkeyopt ec_paramgen_curve:secp256k1 \ -pkeyopt ec_param_enc:named_curve \ -out private/ca.key.pem Are you sure you want secp256k1? By far the more common choice is prime256r1 (aka P-256 or secp256r1). > openssl ecparam -in private/ca.key.pem -text -noout EC keys are read with "openssl ec" not "openssl ecparam". -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
