On 08/10/2017 02:27 PM, Viktor Dukhovni wrote:
On Thu, Aug 10, 2017 at 12:03:31PM -0400, Robert Moskowitz wrote:
openssl ecparam -name secp256k1 -genkey -noout -out private/ca.key.pem
But openssl ecparam does not have any option equivalent (that I can find) to -aes256
Yes, this command does not currently support key encryption.
What am I missing.
The command that does is:
$ openssl genpkey -aes256 -algorithm ec \
-pkeyopt ec_paramgen_curve:secp256k1 \
-pkeyopt ec_param_enc:named_curve \
-out private/ca.key.pem
Are you sure you want secp256k1? By far the more common choice is
prime256r1 (aka P-256 or secp256r1).
Do you mean prime256v1?
$ openssl ecparam -list_curves
secp256k1 : SECG curve over a 256 bit prime field
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field
openssl ecparam -in private/ca.key.pem -text -noout
EC keys are read with "openssl ec" not "openssl ecparam".
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
