Generate EC KeyPair from OpenSSL command line
Private Key
This assumes a Unix-like platform such as OS X or Linux. Omit the leading $ when running the commands.
Generate a private ECDSA key:
$ openssl ecparam -name prime256v1 -genkey -noout -out private.ec.key
Convert and encrypt the private key with a pass phrase (OpenSSL prompts for it):
$ openssl pkcs8 -topk8 -in private.ec.key -out private.pem
You can now securely delete private.ec.key as long as you remember the pass phrase.
Public Key
Generate public ECDSA key:
$ openssl ec -in private.pem -pubout -out public.pem
Testing
Make a small text file for testing:
$ echo "hello world" > msg.txt
Make a hash digest:
$ openssl dgst -sha256 -out msg.digest.txt msg.txt
Make a signature file out of the digest:
$ openssl dgst -sha256 -sign private.pem -out msg.signature.txt msg.digest.txt
Verify the signature:
$ openssl dgst -sha256 -verify public.pem -signature msg.signature.txt msg.digest.txt
Because the signing command is given msg.digest.txt, the signature covers that digest file rather than msg.txt directly, so the verifier needs the identical msg.digest.txt.
Additionally you may want to encode the signature to base64 before mailing it, and then decode it to bin before verifying after you receive it.
Here's how you do that:
Encode:
$ openssl base64 -in msg.signature.txt -out msg.base64.sig.txt
Decode:
$ openssl base64 -d -in msg.base64.sig.txt -out msg.signature.txt
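
The procedure above run non-interactively, as an added example that is not part of the original page: it signs msg.txt itself rather than the digest file, passes the signature through base64, and confirms that a changed message fails verification. The KEY_PASS variable (read by OpenSSL through -passout env: and -passin env:), its sample value and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the page;
# KEY_PASS and the function names are assumptions made for this sketch.

# Create the encrypted private key and the public key in directory $1.
make_keys() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/private.ec.key" &&
    openssl pkcs8 -topk8 -in "$1/private.ec.key" -out "$1/private.pem" \
        -passout env:KEY_PASS &&
    rm -f "$1/private.ec.key" &&
    openssl ec -in "$1/private.pem" -passin env:KEY_PASS \
        -pubout -out "$1/public.pem" 2>/dev/null
}

# Sign file $2 with $1/private.pem; write the base64 signature to $3.
sign_b64() {
    openssl dgst -sha256 -sign "$1/private.pem" -passin env:KEY_PASS \
        -out "$3.bin" "$2" &&
    openssl base64 -in "$3.bin" -out "$3" &&
    rm -f "$3.bin"
}

# Decode base64 signature $3 and check it over file $2 with $1/public.pem.
# Returns 0 only when the signature matches the file contents.
verify_b64() {
    openssl base64 -d -in "$3" -out "$3.bin" &&
    openssl dgst -sha256 -verify "$1/public.pem" -signature "$3.bin" "$2" \
        >/dev/null 2>&1
}

# Round trip on a constructed message; prints "good=<result> tampered=<result>".
roundtrip() {
    KEY_PASS=${KEY_PASS:-example-passphrase}   # constructed sample value
    export KEY_PASS
    tmp=$(mktemp -d) || return 1
    make_keys "$tmp" || { rm -rf "$tmp"; return 1; }
    echo "hello world" > "$tmp/msg.txt"
    sign_b64 "$tmp" "$tmp/msg.txt" "$tmp/msg.base64.sig.txt" ||
        { rm -rf "$tmp"; return 1; }
    if verify_b64 "$tmp" "$tmp/msg.txt" "$tmp/msg.base64.sig.txt"
    then good=ok; else good=rejected; fi
    echo "hello w0rld" > "$tmp/msg.txt"        # change the file after signing
    if verify_b64 "$tmp" "$tmp/msg.txt" "$tmp/msg.base64.sig.txt"
    then bad=ok; else bad=rejected; fi
    rm -rf "$tmp"
    echo "good=$good tampered=$bad"
}

roundtrip
```

Taking the pass phrase from an environment variable keeps it out of the process argument list; the exit status of the verify command, not its printed text, is what the functions test.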