- Elliptic Curve Key Length
- Elliptic Curve Key Generation Example Definition
- Elliptic Curve Key Generation Example Pdf
- Free Key Generation Software
Definition
Provides an abstract base class that encapsulates the Elliptic Curve Digital Signature Algorithm (ECDSA).
Jun 19, 2019 Elliptic Curve Cryptography (ECC) The Elliptic Curve Cryptography (ECC) is modern family of public-key cryptosystems, which is based on the algebraic structures of the elliptic curves over finite fields and on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP). ECC implements all major capabilities of the asymmetric cryptosystems: encryption, signatures and key exchange.
ECDsa
- Derived
Remarks
This class serves as the abstract base class for ECDsaCng derivations.
Constructors
ECDsa() | Initializes a new instance of the ECDsa class. |
Fields
KeySizeValue | Represents the size, in bits, of the key modulus used by the asymmetric algorithm. (Inherited from AsymmetricAlgorithm) |
LegalKeySizesValue | Specifies the key sizes that are supported by the asymmetric algorithm. (Inherited from AsymmetricAlgorithm) |
Properties
KeyExchangeAlgorithm | Gets the name of the key exchange algorithm. |
KeySize | Gets or sets the size, in bits, of the key modulus used by the asymmetric algorithm. (Inherited from AsymmetricAlgorithm) |
LegalKeySizes | Gets the key sizes that are supported by the asymmetric algorithm. (Inherited from AsymmetricAlgorithm) |
SignatureAlgorithm | Gets the name of the signature algorithm. |
Methods
Clear() | Releases all resources used by the AsymmetricAlgorithm class. (Inherited from AsymmetricAlgorithm) |
Create() | Creates a new instance of the default implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA). |
Create(ECCurve) | Creates a new instance of the default implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) with a newly generated key over the specified curve. |
Create(ECParameters) | Creates a new instance of the default implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) using the specified parameters as the key. |
Create(String) | Creates a new instance of the specified implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA). |
Dispose() | Releases all resources used by the current instance of the AsymmetricAlgorithm class. (Inherited from AsymmetricAlgorithm) |
Dispose(Boolean) | Releases the unmanaged resources used by the AsymmetricAlgorithm class and optionally releases the managed resources. (Inherited from AsymmetricAlgorithm) |
Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object) |
ExportECPrivateKey() | Exports the current key in the ECPrivateKey format. |
ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<Byte>, PbeParameters) | Exports the current key in the PKCS#8 EncryptedPrivateKeyInfo format with a byte-based password. (Inherited from AsymmetricAlgorithm) |
ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<Char>, PbeParameters) | Exports the current key in the PKCS#8 EncryptedPrivateKeyInfo format with a char-based password. (Inherited from AsymmetricAlgorithm) |
ExportExplicitParameters(Boolean) | When overridden in a derived class, exports the explicit parameters for an elliptic curve. |
ExportParameters(Boolean) | When overridden in a derived class, exports the named or explicit parameters for an elliptic curve. If the curve has a name, the Curve field contains named curve parameters, otherwise it contains explicit parameters. |
ExportPkcs8PrivateKey() | Exports the current key in the PKCS#8 PrivateKeyInfo format. (Inherited from AsymmetricAlgorithm) |
ExportSubjectPublicKeyInfo() | Exports the public-key portion of the current key in the X.509 SubjectPublicKeyInfo format. (Inherited from AsymmetricAlgorithm) |
FromXmlString(String) | This method throws in all cases. |
GenerateKey(ECCurve) | When overridden in a derived class, generates a new ephemeral public/private key pair for the specified curve, replacing the current key. |
GetHashCode() | Serves as the default hash function. (Inherited from Object) |
GetType() | Gets the Type of the current instance. (Inherited from Object) |
HashData(Byte[], Int32, Int32, HashAlgorithmName) | When overridden in a derived class, computes the hash value of the specified portion of a byte array by using the specified hashing algorithm. |
HashData(Stream, HashAlgorithmName) | When overridden in a derived class, computes the hash value of the specified binary stream by using the specified hashing algorithm. |
ImportECPrivateKey(ReadOnlySpan<Byte>, Int32) | Imports the public/private keypair from an ECPrivateKey structure, replacing the keys for this object. |
ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<Byte>, ReadOnlySpan<Byte>, Int32) | Imports the public/private keypair from a PKCS#8 EncryptedPrivateKeyInfo structure after decrypting with a byte-based password, replacing the keys for this object. |
ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<Char>, ReadOnlySpan<Byte>, Int32) | Imports the public/private keypair from a PKCS#8 EncryptedPrivateKeyInfo structure after decrypting with a char-based password, replacing the keys for this object. |
ImportParameters(ECParameters) | When overridden in a derived class, imports the specified parameters. |
ImportPkcs8PrivateKey(ReadOnlySpan<Byte>, Int32) | Imports the public/private keypair from a PKCS#8 PrivateKeyInfo structure after decryption, replacing the keys for this object. |
ImportSubjectPublicKeyInfo(ReadOnlySpan<Byte>, Int32) | Imports the public key from an X.509 SubjectPublicKeyInfo structure after decryption, replacing the keys for this object. |
MemberwiseClone() | Random key generator php code. Creates a shallow copy of the current Object. (Inherited from Object) |
SignData(Byte[], HashAlgorithmName) | Computes the hash value of the specified byte array using the specified hash algorithm and signs the resulting hash value. |
SignData(Byte[], Int32, Int32, HashAlgorithmName) | Computes the hash value of a portion of the specified byte array using the specified hash algorithm and signs the resulting hash value. |
SignData(Stream, HashAlgorithmName) | Computes the hash value of the specified stream using the specified hash algorithm and signs the resulting hash value. |
SignHash(Byte[]) | Generates a digital signature for the specified hash value. |
ToString() | Returns a string that represents the current object. (Inherited from Object) |
ToXmlString(Boolean) | This method throws in all cases. |
TryExportECPrivateKey(Span<Byte>, Int32) | Attempts to export the current key in the ECPrivateKey format into a provided buffer. |
TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan<Byte>, PbeParameters, Span<Byte>, Int32) | Attempts to export the current key in the PKCS#8 EncryptedPrivateKeyInfo format into a provided buffer, using a byte-based password. |
TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan<Char>, PbeParameters, Span<Byte>, Int32) | Attempts to export the current key in the PKCS#8 EncryptedPrivateKeyInfo format into a provided buffer, using a char-based password. |
TryExportPkcs8PrivateKey(Span<Byte>, Int32) | Attempts to export the current key in the PKCS#8 PrivateKeyInfo format into a provided buffer. |
TryExportSubjectPublicKeyInfo(Span<Byte>, Int32) | Attempts to export the current key in the X.509 SubjectPublicKeyInfo format into a provided buffer. |
TryHashData(ReadOnlySpan<Byte>, Span<Byte>, HashAlgorithmName, Int32) | Attempts to compute the hash value of the specified read-only span of bytes into the provided destination by using the specified hashing algorithm. |
TrySignData(ReadOnlySpan<Byte>, Span<Byte>, HashAlgorithmName, Int32) | Attempts to compute the ECDSA digital signature for the specified read-only span of bytes into the provided destination by using the specified hashing algorithm and the current key. |
TrySignHash(ReadOnlySpan<Byte>, Span<Byte>, Int32) | Attempts to compute the ECDSA digital signature for the specified read-only span of bytes representing a data hash into the provided destination by using the current key. |
VerifyData(Byte[], Byte[], HashAlgorithmName) | Verifies that a digital signature is appropriate for the current key and provided data with a specified hash algorithm. |
VerifyData(Byte[], Int32, Int32, Byte[], HashAlgorithmName) | Verifies that a digital signature is appropriate for the current key and provided portion of data with a specified hash algorithm. |
VerifyData(ReadOnlySpan<Byte>, ReadOnlySpan<Byte>, HashAlgorithmName) | Verifies that a digital signature is appropriate for the current key and provided data with a specified hash algorithm. |
VerifyData(Stream, Byte[], HashAlgorithmName) | Verifies that a digital signature is appropriate for the current key and provided data with a specified hash algorithm. |
VerifyHash(Byte[], Byte[]) | Verifies that a digital signature is appropriate for the current key and provided data hash. |
VerifyHash(ReadOnlySpan<Byte>, ReadOnlySpan<Byte>) | Verifies that a digital signature is appropriate for the current key and provided data hash. |
Explicit Interface Implementations
IDisposable.Dispose() | For a description of this member, see Dispose(). (Inherited from AsymmetricAlgorithm) |
Applies to
OpenSSL provides two command line tools for working with keys suitable for Elliptic Curve (EC) algorithms:
Nowadays, it is very common to use emojis on Facebook, WhatsApp, Outlook emails and SMS messages. Do you know it is very easy to insert these emojis in Microsoft Office documents, emails and chats? Alt key ascii code generation.
The only Elliptic Curve algorithms that OpenSSL currently supports are Elliptic Curve Diffie Hellman (ECDH) for key agreement and Elliptic Curve Digital Signature Algorithm (ECDSA) for signing/verifying.
x25519, ed25519 and ed448 aren't standard EC curves so you can't use ecparams or ec subcommands to work with them. If you need to generate x25519 or ed25519 keys then see the genpkey subcommand.
EC Private Key File Formats[edit]
By default OpenSSL will work with PEM files for storing EC private keys. These are text files containing base-64 encoded data. A typical traditional format private key file in PEM format will look something like the following, in a file with a '.pem' extension:
Or, in an encrypted form like this:
You may also encounter PKCS8 format private keys in PEM files. These look like this:
Or, in an encrypted form like this:
PKCS8 private key files, like the above, are capable of holding many different types of private key - not just EC keys.
You can convert between these formats if you like. All of the conversion commands can read either the encrypted or unencrypted forms of the files however you must specify whether you want the output to be encrypted or not. To convert a PKCS8 file to a traditional encrypted EC format use:
You can replace the first argument 'aes-128-cbc' with any other valid openssl cipher name (see Manual:enc(1) for a list of valid cipher names). To convert a PKCS8 file to a traditional unencrypted EC format, just drop the first argument:
Elliptic Curve Key Length
Or to convert from a traditional EC format to an encrypted PKCS8 format use:
Or to a non-encrypted PKCS8 format use:
Note that by default in the above traditional format EC Private Key files are not encrypted (you have to explicitly state that the file should be encrypted, and what cipher to use), whilst for PKCS8 files the opposite is true. The default is to encrypt - you have to explicitly state that you do not want encryption applied if appropriate using the '-nocrypt' option.
As well as PEM format all of the above types of key file can also be stored in DER format. This is a binary format and so is not directly human readable - unlike a PEM file. A PEM file is essentially just DER data encoded using base 64 encoding rules with a header and footer added. Often it is more convenient to work with PEM files for this reason.
The openssl commands typically have options '-inform DER' or '-outform DER' to specify that the input or output file is DER respectively. So for example the command to convert a PKCS8 file to a traditional encrypted EC format in DER is the same as above, but with the addition of '-outform DER':
Note that you cannot encrypt a traditional format EC Private Key in DER format (and in fact if you attempt to do so the argument is silently ignored!). The same is not true for PKCS8 files - these can still be encrypted even in DER format. So for example the following will convert a traditional format key file to an ecrypted PKCS8 format DER encoded key:
EC Public Key File Formats[edit]
EC Public Keys are also stored in PEM files. A typical EC public key looks as follows:
This format is used to store all types of public keys in OpenSSL not just EC keys.
It is possible to create a public key file from a private key file (although obviously not the other way around!):
As above a DER encoded version can be created using '-outform DER':
Generating EC Keys and Parameters[edit]
An EC Parameters file contains all of the information necessary to define an Elliptic Curve that can then be used for cryptographic operations (for OpenSSL this means ECDH and ECDSA). OpenSSL contains a large set of pre-defined curves that can be used. The full list of built-in curves can be obtained through the following command:
An EC parameters file can then be generated for any of the built-in named curves as follows:
Replace secp256k1 in the above with whichever curve you are interested in.
Keys can be generated from the ecparam command, either through a pre-existing parameters file or directly by selecting the name of the curve. To generate a private/public key pair from a pre-eixsting parameters file use the following:
Or to do the equivalent operation without a parameters file use the following:
Information on the parameters that have been used to generate the key are embedded in the key file itself.
By default, when creating a parameters file, or generating a key, openssl will only store the name of the curve in the generated parameters or key file, not the full set of explicit parameters associated with that name. For example:
This will simply confirm the name of the curve in the parameters file by printing out the following:
If you wish to examine the specific details of the parameters associated with a particular named curve then this can be achieved as follows:
The above command shows the details for a built-in named curve from a file, but this can also be done directly using the '-name' argument instead of '-in'. The output will look similar to the following:
The meaning of each of these parameters is discussed further on this page.
Parameters and key files can be generated to include the full explicit parameters instead of just the name of the curve if desired. This might be important if, for example, not all the target systems know the details of the named curve. In OpenSSL version 1.0.2 new named curves have been added such as brainpool512t1. Attempting to use a parameters file or key file in versions of OpenSSL less than 1.0.2 with this curve will result in an error:
This problem can be avoided if explicit parameters are used instead. So under OpenSSL 1.0.2 you could create a parameters file like this:
Looking at the parameters file you will notice that it is now much longer:
The full parameters are included rather than just the name. This can now be processed by versions of OpenSSL less than 1.0.2. So under 1.0.1:
Elliptic Curve Key Generation Example Definition
This will correctly display the parameters, even though this version of OpenSSL does not know about this curve.
The same is true of key files. So to generate a key with explicit parameters:
Elliptic Curve Key Generation Example Pdf
This key file can now be processed by versions of openssl that do not know about the brainpool curve.
It should be noted however that once the parameters have been converted from the curve name format into explicit parameters it is not possible to change them back again, i.e. there is no utility to take a set of explicit parameters and work out which named curve they are associated with.
See also[edit]
Free Key Generation Software
Retrieved from 'https://wiki.openssl.org/index.php?title=Command_Line_Elliptic_Curve_Operations&oldid=2734'