1 Topic by windsp (edited by windsp 2014-06-03 23:11:43)

  • Registered: 2014-06-03
  • Posts: 10

Topic: [SOLVED] How to generate a ECC public key from a certificate?

Hello everyone,

Due to I want to make ECC key agreement with a certificate and a private key. But I do not know how to generate a ECC public key with a certificate? I referred to the discussed thread:Getting public key from certificate, but I cannot find a API like RsaPublicKeyDecode() to get ECC key from a certificate.

In my concept, I will use APIs to run key agreement as followings:
(This is refer to the thread: http://www.yassl.com/forums/topic513-ge … icate.html)


int ret;
int pemCertSz, derKeySz;
byte pemCert[4096];
byte derKey[1024];
byte shSecret[1024];

FILE* pubFile;
FILE* priFile;
ecc_key pubKey, priKey;
word32 idx = 0;
DecodedCert cert;

/* open and read PEM-formatted cert into buffer */
pubFile= fopen("./client-cert.pem", "rb");
if (!pubFile)
    // error reading file

pemCertSz = fread(pemCert, 1, sizeof(pemCert), pubFile);
fclose(pubFile);

/* initialize DecodedCert with PEM cert */
InitDecodedCert(&cert, pemCert, pemCertSz, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0)
    // ParseCert failed

/* extract the public key from the cert */
ecc_init(&pubKey);
idx = 0;

/* I want to use a API like this to get public key from a certificate. However, this API is not existed! */
ret = EccPublicKeyDecode(cert.publicKey, &idx, &pubKey, cert.pubKeySize);
if (ret != 0)
    // EccPublicKeyDecode failed


/* Load private key from DER-formatted file */
priFile= fopen("./ecc-key.der", "rb");
if (!priFile)
    // error reading file

derKeySz = fread(derKey, 1, sizeof(derKey), priFile);
fclose(priFile);

/* Translate buffer to ECC private key */
ecc_init(&priKey);
idx = 0;
ret = EccPrivateKeyDecode(derKey, &idx, &priKey, derKeySz);

/* run ECC Key Agreement */
idx = sizeof(shSecret);
ret = ecc_shared_secret(&priKey, &pubKey, shSecret, &idx);

Could anyone give me a hand for this issue?


windsp

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 650

Re: [SOLVED] How to generate a ECC public key from a certificate?

Hi windsp,

wolfSSL embedded SSL currently provides two functions for loading public/private ECC keys into the ecc_key structure:

int ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key);

The first function imports a public ECC key in X9.63 format into the specified ecc_key structure.
The second function imports both the public key in X9.63 format and the private key in RAW format into the specified ecc_key structure.

Best Regards,
Chris

https://www.wolfssl.com

chrisc's Website

Share

  • Registered: 2014-06-03
  • Posts: 10

Re: [SOLVED] How to generate a ECC public key from a certificate?

Hi Chris,

Thanks, it is really helpful for me!

Share