OpenSSL: Is it possible to view the EC Named Curve without the ecparam file?

0 投票
最新提问 用户: (220 分)

Is there an OpenSSL command to derive the Named Curved that was used in the generation of an EC Key Pair?

I generate the parameters into a PEM file here:

openssl ecparam -name secp256k1 -out secp256k1.pem

Then verify the Named Curve used by typing:

openssl ecparam -in secp256k1.pem -text -noout

But how to achieve the same when you have only the Private.pem and Public.pem and NOT the ecparam file?

openssl pkey -in user1Key.pem -text -noout worked on keys I generated with the Command-Line OpenSSL tool but not the C libraries. When I run this command against the PEM files - I generated using C - I get everything but NOT the short ecparam name. I get the Private, Public, Seed, Prime, A, B, etc.

发表于 用户: (2.5k 分)
Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Unix & Linux Stack Exchange or Information Security Stack Exchange would be a better place to ask.


0 投票
最新回答 用户: (220 分)


My C code was generating an EC Pair with OpenSSL APIs where the explicit parameters for the Curve was set. When I did the same with OpenSSL's command line tool, I did not set the explicit parameter.

To get around the issue - to verify both sides were deriving the same Key - I used the following OpenSSL command line tool:

openssl ecparam -in ec_paramprime256v1.pem -genkey -noout -out appKey.pem -param_enc explicit

If this has impacted you, I suggest you investigate OpenSSL's wiki for set_asn1_flag

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。