Re: secp256r1 65 byte key size in packet capture

Is there a way to have all those man pages installed on my system?
I'm using Ubuntu 24.

On Wed, Jun 19, 2024, 17:49 Matt Caswell <matt@xxxxxxxxxxx> wrote:


On 19/06/2024 12:14, Lokesh Chakka wrote:
> Now I need to explore C APIs for getting those keys as hex array.
> Could you please suggest any good references for beginners.

You would need to first load the key from the file to create an EVP_PKEY
object. For example you could use the PEM_read_PUBKEY() function for
this. See:

https://www.openssl.org/docs/man3.3/man3/PEM_read_PUBKEY.html

Once you have the key as an EVP_PKEY object, you can get the raw
encoding as a char array in a format suitable for TLS using the
EVP_PKEY_get1_encoded_public_key() function. See:

https://www.openssl.org/docs/man3.3/man3/EVP_PKEY_get1_encoded_public_key.html

Matt



>
> Regards
> --
> Lokesh Chakka.
>
>
> On Wed, Jun 19, 2024 at 4:21 PM Matt Caswell <matt@xxxxxxxxxxx
> <mailto:matt@xxxxxxxxxxx>> wrote:
>
>
>
>     On 19/06/2024 09:15, Lokesh Chakka wrote:
>      > hello,
>      >
>      > I'm trying to generate public/private keys with the following commands:
>      >
>      > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
>      > openssl ec -in pvtkey.pem -pubout
>      >
>      > I'm seeing the size of the private key as 164 bytes and the public key as
>     124 bytes.
>      >
>      > In a wireshark capture( attached ), I'm seeing key length as 65
>     bytes.
>
>     What you are doing is confusing. You have generated a public/private key
>     pair for secp256r1 - but the wireshark capture you show seems to be the
>     key share from a TLSv1.3 handshake. TLSv1.3 key shares are ephemeral -
>     you'll get a different key share every time. You don't need to create
>     a public/private key for this. OpenSSL does it for you.
>
>     Anyway. Taking the key that you generated:
>
>     -----BEGIN PUBLIC KEY-----
>     MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
>     GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
>     -----END PUBLIC KEY-----
>
>     This is just a PEM encoding of the real key (base 64 encoding of DER
>     structured data in PEM headers). Not sure where you get 124 bytes from,
>     but you can take a look at the actual key data like this:
>
>     $ openssl pkey -in /tmp/key.pem -pubin -noout -text
>     Public-Key: (256 bit)
>     pub:
>           04:55:29:a9:e1:49:e5:41:bc:db:7b:a7:a8:a4:1c:
>           9e:11:4c:e4:99:81:cf:1a:06:8a:bd:2b:7f:c5:d0:
>           20:bc:3a:7b:15:72:93:a5:24:fc:50:cf:4b:a4:5f:
>           1f:e0:91:13:39:78:03:0c:6b:cd:94:80:ea:54:5a:
>           3e:4f:48:5d:b5
>     ASN1 OID: prime256v1
>     NIST CURVE: P-256
>
>     This shows you the 65 bytes of raw public key data contained within the
>     key file.
>
>     This key is in "uncompressed" format (the 04 byte at the start
>     indicates this). Since it is uncompressed we then get an x and a y value
>     to indicate the point on the curve. Each of these is 32 bytes long (256
>     bits) - so this gives you 65 bytes in total.
>
>     Matt
>
>
>
>      >
>      > Can someone help me understand why the difference?
>      >
>      > Thanks & Regards
>      > --
>      > Lokesh Chakka.
>
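As an added illustration of the two points Matt makes above (the PEM file is just base64 DER wrapped around a 65-byte uncompressed point, and the C route is PEM_read_PUBKEY() followed by EVP_PKEY_get1_encoded_public_key()), here is a dependency-free Python script, not part of the thread, that does the same unwrapping by hand on the exact public key posted in the thread. It strips the PEM armour, walks the DER SubjectPublicKeyInfo, pulls out the BIT STRING payload (the bytes shown under `pub:` in the `openssl pkey -text` dump), splits it into `04 || X || Y`, and verifies that (X, Y) actually lies on P-256, which is the check a receiver should make before using any EC point it is handed. The helper names (`pem_to_der`, `spki_to_point`, `split_uncompressed`, `on_curve`, `compress`) are this example's own, not OpenSSL API names.

```python
import base64
import re

# The public key posted in the thread (PEM-encoded SubjectPublicKeyInfo, P-256).
PEM_PUBKEY = """-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
-----END PUBLIC KEY-----
"""

# NIST P-256 / secp256r1 / prime256v1 domain parameters: y^2 = x^3 + a*x + b (mod p).
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b

# DER value bytes of OID 1.2.840.10045.3.1.7 (prime256v1), as seen in the base64 prefix.
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the body: this is all PEM adds."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", pem, re.S)
    if m is None:
        raise ValueError("no PUBLIC KEY block found")
    return base64.b64decode("".join(m.group(1).split()))


def der_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7f
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def spki_to_point(der: bytes) -> bytes:
    """Walk SubjectPublicKeyInfo ::= SEQ { SEQ { OID ecPublicKey, OID curve }, BIT STRING }."""
    tag, spki, _ = der_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected outer SEQUENCE")
    tag, alg, pos = der_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    _, _alg_oid, p2 = der_tlv(alg, 0)       # id-ecPublicKey
    _, curve_oid, _ = der_tlv(alg, p2)      # named curve
    if curve_oid != OID_PRIME256V1:
        raise ValueError("not a prime256v1 key")
    tag, bitstr, _ = der_tlv(spki, pos)
    if tag != 0x03 or bitstr[0] != 0x00:
        raise ValueError("expected BIT STRING with zero unused bits")
    return bitstr[1:]  # the raw SEC1 point: the 65 bytes under "pub:" in the -text dump


def split_uncompressed(point: bytes):
    """Split an uncompressed point 04 || X || Y into integer coordinates."""
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed point starting with 0x04")
    return int.from_bytes(point[1:33], "big"), int.from_bytes(point[33:65], "big")


def on_curve(x: int, y: int) -> bool:
    """Reject points that are not on P-256 (a basic public-key validation step)."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x + P256_A * x + P256_B)) % P256_P == 0


def compress(point: bytes) -> bytes:
    """The 33-byte compressed form (02/03 || X) of the same point, for comparison."""
    x, y = split_uncompressed(point)
    return bytes([0x02 + (y & 1)]) + x.to_bytes(32, "big")


if __name__ == "__main__":
    der = pem_to_der(PEM_PUBKEY)
    pt = spki_to_point(der)
    x, y = split_uncompressed(pt)
    print(f"DER SubjectPublicKeyInfo: {len(der)} bytes")
    print(f"raw point: {len(pt)} bytes, leading byte 0x{pt[0]:02x}")
    print("on P-256:", on_curve(x, y))
    print("compressed:", compress(pt).hex())
```

Run it and the raw point printed is the same 65 bytes (`04 55 29 a9 e1 ...`) that `openssl pkey -text` shows and that a TLS 1.3 key_share carries for secp256r1; the difference from the file size is entirely the DER wrapper plus the PEM header, footer and base64 expansion. In C, `EVP_PKEY_get1_encoded_public_key()` returns exactly the `spki_to_point` result for this key, without the hand-rolled parsing.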
