On 19/06/2024 12:14, Lokesh Chakka wrote:
Now I need to explore C APIs for getting those keys as hex array.
Could you please suggest any good references for beginners.
You would need to first load the key from the file to create an EVP_PKEY
object. For example you could use the PEM_read_PUBKEY() function for
this. See:
https://www.openssl.org/docs/man3.3/man3/PEM_read_PUBKEY.html
Once you have the key as an EVP_PKEY object, you can get the raw
encoding as a char array in a format suitable for TLS using the
EVP_PKEY_get1_encoded_public_key() function. See:
https://www.openssl.org/docs/man3.3/man3/EVP_PKEY_get1_encoded_public_key.html
Matt
Regards
--
Lokesh Chakka.
On Wed, Jun 19, 2024 at 4:21 PM Matt Caswell <matt@xxxxxxxxxxx
<mailto:matt@xxxxxxxxxxx>> wrote:
On 19/06/2024 09:15, Lokesh Chakka wrote:
> hello,
>
> I'm trying to generate public/private keys with following commands:
>
> openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> openssl ec -in pvtkey.pem -pubout
>
> I'm seeing the sizeof private key as 164 bytes and public key as
124 bytes.
>
> In a wireshark capture( attached ), I'm seeing key length as 65
bytes.
What you are doing is confusing. You have generated public/private key
pair for secp256r1 - but the wireshark capture you show seems to be the
key share from a TLSv1.3 handshake. TLSv1.3 key shares are ephemeral so
- you'll get a different key share every time. You don't need to create
a public/private key for this. OpenSSL does it for you.
Anyway. Taking the key that you generated:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
-----END PUBLIC KEY-----
This is just a PEM encoding of the real key (base 64 encoding of DER
structured data in PEM headers). Not sure where you get 124 bytes from,
but you can look take a look at the actual key data like this:
$ openssl pkey -in /tmp/key.pem -pubin -noout -text
Public-Key: (256 bit)
pub:
04:55:29:a9:e1:49:e5:41:bc:db:7b:a7:a8:a4:1c:
9e:11:4c:e4:99:81:cf:1a:06:8a:bd:2b:7f:c5:d0:
20:bc:3a:7b:15:72:93:a5:24:fc:50:cf:4b:a4:5f:
1f:e0:91:13:39:78:03:0c:6b:cd:94:80:ea:54:5a:
3e:4f:48:5d:b5
ASN1 OID: prime256v1
NIST CURVE: P-256
This shows you the 65 bytes of raw public key data contained within the
key file.
This key is in "uncompressed" format (the 04 byte at the start
indicates
this). Since it is uncompressed we then get an x and a y value to
indicate the point on the curve. Each of these are 32 bytes long (256
bits) - so this gives you 65 bytes in total.
Matt
>
> Can someone help me understand why the difference?
>
> Thanks & Regards
> --
> Lokesh Chakka.
