EC Cryptography Tutorials - Herong's Tutorial Examples - v1.02, by Dr. Herong Yang
EC Key in PEM File Format
This section provides a tutorial example on the EC key PEM file format. EC domain parameters are stored together with the private key.
When EC private and public keys are stored in a file, what file format is used?
Let's open the EC key file generated by the OpenSSL tool and see:
herong> openssl ecparam -genkey -name secp256k1 \ -out ec_key.pem -param_enc explicit herong> type ec_key.pem -----BEGIN EC PARAMETERS----- MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+ ///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP////////////////// //66rtzmr0igO7/SXozQNkFBAgEB -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MIIBEwIBAQQg8upej8Y28VkB8iO+ak93N0rBtyt/YBxNZJmg4UV0MbqggaUwgaIC AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu 3OavSKA7v9JejNA2QUECAQGhRANCAAT7e7C7o/lXxfS1yxNO9i23Sz1VC3Z3jnvq C1tW1TQNNYEHeb2+D06ZDVZtC/gCDtPQ/Zu5VENHIasAmtbDHeRq -----END EC PRIVATE KEY-----
It seems that the EC private key is stored separately from the domain parameters.
If we keep the private key part only in a file, is it still a valid private key file? Let's copy the private key part to a new file, ec_key_only.pem, and try it:
herong> type ec_key_only.pem
-----BEGIN EC PRIVATE KEY-----
MIIBEwIBAQQg8upej8Y28VkB8iO+ak93N0rBtyt/YBxNZJmg4UV0MbqggaUwgaIC
AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv
MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm
o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu
3OavSKA7v9JejNA2QUECAQGhRANCAAT7e7C7o/lXxfS1yxNO9i23Sz1VC3Z3jnvq
C1tW1TQNNYEHeb2+D06ZDVZtC/gCDtPQ/Zu5VENHIasAmtbDHeRq
-----END EC PRIVATE KEY-----
herong> openssl ec -in ec_key_only.pem -noout -text
read EC key
Private-Key: (256 bit)
priv:
00:f2:ea:5e:8f:c6:36:f1:59:01:f2:23:be:6a:4f:
77:37:4a:c1:b7:2b:7f:60:1c:4d:64:99:a0:e1:45:
74:31:ba
pub:
04:fb:7b:b0:bb:a3:f9:57:c5:f4:b5:cb:13:4e:f6:
2d:b7:4b:3d:55:0b:76:77:8e:7b:ea:0b:5b:56:d5:
34:0d:35:81:07:79:bd:be:0f:4e:99:0d:56:6d:0b:
f8:02:0e:d3:d0:fd:9b:b9:54:43:47:21:ab:00:9a:
d6:c3:1d:e4:6a
Field Type: prime-field
Prime:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
ff:fc:2f
A: 0
B: 7 (0x7)
Generator (uncompressed):
04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
8f:fb:10:d4:b8
Order:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
36:41:41
Cofactor: 1 (0x1)
Okay. The domain parameters are stored in the private key part too.
Table of Contents
Geometric Introduction to Elliptic Curves
Algebraic Introduction to Elliptic Curves
Abelian Group and Elliptic Curves
Discrete Logarithm Problem (DLP)
Generators and Cyclic Subgroups
tinyec - Python Library for ECC
EC Private and Public Key Pair
EC Private Key Example - secp256k1
Generate secp256k1 Keys with OpenSSL
ECDH (Elliptic Curve Diffie-Hellman) Key Exchange
ECDSA (Elliptic Curve Digital Signature Algorithm)