
Generate EC KeyPair from OpenSSL command line

John Hau edited this page Mar 9, 2022 · 1 revision

Private Key

Assuming a Unix-like platform such as OS X or Linux. Omit the leading $ when running the commands. Generate a private ECDSA key:

$ openssl ecparam -name prime256v1 -genkey -noout -out private.ec.key

Convert and encrypt the private key with a pass phrase:

$ openssl pkcs8 -topk8 -in private.ec.key -out private.pem

You can now securely delete private.ec.key as long as you remember the pass phrase.

Public Key

Generate public ECDSA key:

$ openssl ec -in private.pem -pubout -out public.pem

Testing

Make a small text file for testing:

$ echo "hello world" > msg.txt

Make a hash digest:

$ openssl dgst -sha256 -out msg.digest.txt msg.txt

Make a signature file out of the digest:

$ openssl dgst -sha256 -sign private.pem -out msg.signature.txt msg.digest.txt

Verify the signature:

$ openssl dgst -sha256 -verify public.pem -signature msg.signature.txt msg.digest.txt

Additionally, you may want to encode the signature to base64 before mailing it, and then decode it back to binary after you receive it and before verifying.

Here's how you do that:

Encode:

$ openssl base64 -in msg.signature.txt -out msg.base64.sig.txt

Decode:

$ openssl base64 -d -in msg.base64.sig.txt -out msg.signature.txt
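
The key generation, signing, base64 transport and verification steps above as one non-interactive script, with a check that a modified message fails verification. This is an added example, not part of the original wiki page; the DEMO_PASS variable, its constructed pass phrase and the rx.* file names are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: the page's sign/verify flow as functions, run non-interactively.
# DEMO_PASS and the rx.* file names are assumptions made for this example.
export DEMO_PASS='constructed-demo-passphrase'   # constructed value, demo only

make_keys() {    # $1 = working directory
  ( cd "$1" && umask 077 &&
    openssl ecparam -name prime256v1 -genkey -noout -out private.ec.key &&
    openssl pkcs8 -topk8 -in private.ec.key -out private.pem -passout env:DEMO_PASS &&
    rm -f private.ec.key &&   # plain rm; use a secure-delete tool on real keys
    openssl ec -in private.pem -passin env:DEMO_PASS -pubout -out public.pem 2>/dev/null )
}

sign_msg() {     # sender: $1 holds msg.txt and private.pem
  ( cd "$1" &&
    openssl dgst -sha256 -out msg.digest.txt msg.txt &&
    openssl dgst -sha256 -sign private.pem -passin env:DEMO_PASS \
            -out msg.signature.txt msg.digest.txt &&
    openssl base64 -in msg.signature.txt -out msg.base64.sig.txt )
}

verify_msg() {   # receiver: $1 holds msg.txt, public.pem and msg.base64.sig.txt
  ( cd "$1" &&
    openssl base64 -d -in msg.base64.sig.txt -out rx.signature.bin &&
    # Recompute the digest file from the message as received; the signature
    # covers that file, so a changed msg.txt yields a different file to verify.
    openssl dgst -sha256 -out rx.digest.txt msg.txt &&
    openssl dgst -sha256 -verify public.pem -signature rx.signature.bin \
            rx.digest.txt >/dev/null 2>&1 )
}

demo() {
  dir=$(mktemp -d) || return 1
  echo "hello world" > "$dir/msg.txt"
  make_keys "$dir" && sign_msg "$dir" || return 1
  verify_msg "$dir" && echo "original message: signature verifies"
  echo "hello w0rld" > "$dir/msg.txt"          # simulate modification in transit
  verify_msg "$dir" || echo "modified message: verification fails"
  rm -rf "$dir"
}
demo
```

The receiver must regenerate the digest file with the same file name and the same openssl tool, because the text that `openssl dgst -out` writes includes the input file name and is what the signature actually covers.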
