Topic: Convert generated ECC key to DER
I'd like to be able to use a self generated key to self sign a certificate.
Seems like the key needs to be in a DER format first, is there an ECC equivalent of the RsaKeyToDer function?
You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → wolfSSL → Convert generated ECC key to DER
I'd like to be able to use a self generated key to self sign a certificate.
Seems like the key needs to be in a DER format first, is there an ECC equivalent of the RsaKeyToDer function?
Hi,
Yes, the equivalent function for ECC keys to convert from ecc_key to DER-encoded buffer is:
int ecc_export_x963(ecc_key* key, byte* out, word32* outLen);
Where
key = input ecc_key
out = output buffer to hold DER-encoded representation of "key"
outLen = in/out variable specifying size of input buffer then size of DER-encoded key upon function success
Possible return values include:
MP_OKAY upon function success
ECC_BAD_ARG_E if invalid input arguments are given
BUFFER_E if buffer is not large enough
Best Regards,
Chris
Hi Chris,
Unfortunately, this function is not working as you expect.. It will copy ecc public key x and y value to *out buffer.. The other function that exist in the same class do same thing for ecc private key.. After these process, ECC key should be converted to DER format that explained in RFC 5915 like below..
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
unfortunately, I did not see any function to do that. I am missing something?
Regards,
Melek
Hi Melek,
Yes, thanks for correcting me. You are right - the ecc_export_x963() function exports the ECC key to X9.63 format, not DER. wolfSSL embedded SSL doesn't currently have a function to export the generated key to DER.
Regards,
Chris
Hi Melek,
We just added a function to wolfSSL which converts an ecc_key to DER format:
int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
You can grab our latest code from GitHub, here: https://github.com/wolfSSL/wolfssl
This change was added with the following commit:
https://github.com/cyassl/cyassl/commit … f524f0bf94
Best Regards,
Chris
Hi Chris,
It is wonderful news, I wasmiddle of the implementation
Regards,
Melek
Hi Chris,
I have tried this function "EccKeyToDer" and it works as I expected.
But on the other hand, is there any function could parse public key and private key from DER file ?
Best Regards,
Marcus
Hi Marcus,
We have a couple of different functions in <cyassl/ctaocrypt/ecc.h> that can be used for reading in public and/or private keys:
/* import public ECC key in ANSI X9.63 format */
int ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
/* ecc private key import, public key in ANSI X9.63 format, private raw */
int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key);
/* Import raw ECC key */
int ecc_import_raw(ecc_key* key, const char* qx, const char* qy, const char* d, const char* curveName);
Best Regards,
Chris
wolfSSL - Embedded SSL Library → wolfSSL → Convert generated ECC key to DER
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.018 seconds (88% PHP - 12% DB) with 11 queries