EC Key in PEM File Format

This section provides a tutorial example on the EC key PEM file format. EC domain parameters are stored together with the private key.

When EC private and public keys are stored in a file, what file format is used?

Let's open the EC key file generated by the OpenSSL tool and see:

C:\herong> openssl ecparam -genkey -name secp256k1 \
   -out ec_key.pem -param_enc explicit

C:\herong> type ec_key.pem

-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIIBEwIBAQQg8upej8Y28VkB8iO+ak93N0rBtyt/YBxNZJmg4UV0MbqggaUwgaIC
AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv
MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm
o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu
3OavSKA7v9JejNA2QUECAQGhRANCAAT7e7C7o/lXxfS1yxNO9i23Sz1VC3Z3jnvq
C1tW1TQNNYEHeb2+D06ZDVZtC/gCDtPQ/Zu5VENHIasAmtbDHeRq
-----END EC PRIVATE KEY-----   

It seems that the EC private key is stored separately from the domain parameters.

If we keep the private key part only in a file, is it still a valid private key file? Let's copy the private key part to a new file, ec_key_only.pem, and try it:

C:\herong> type ec_key_only.pem
-----BEGIN EC PRIVATE KEY-----
MIIBEwIBAQQg8upej8Y28VkB8iO+ak93N0rBtyt/YBxNZJmg4UV0MbqggaUwgaIC
AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv
MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm
o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu
3OavSKA7v9JejNA2QUECAQGhRANCAAT7e7C7o/lXxfS1yxNO9i23Sz1VC3Z3jnvq
C1tW1TQNNYEHeb2+D06ZDVZtC/gCDtPQ/Zu5VENHIasAmtbDHeRq
-----END EC PRIVATE KEY-----

C:\herong> openssl ec -in ec_key_only.pem -noout -text
read EC key
Private-Key: (256 bit)
priv:
    00:f2:ea:5e:8f:c6:36:f1:59:01:f2:23:be:6a:4f:
    77:37:4a:c1:b7:2b:7f:60:1c:4d:64:99:a0:e1:45:
    74:31:ba
pub:
    04:fb:7b:b0:bb:a3:f9:57:c5:f4:b5:cb:13:4e:f6:
    2d:b7:4b:3d:55:0b:76:77:8e:7b:ea:0b:5b:56:d5:
    34:0d:35:81:07:79:bd:be:0f:4e:99:0d:56:6d:0b:
    f8:02:0e:d3:d0:fd:9b:b9:54:43:47:21:ab:00:9a:
    d6:c3:1d:e4:6a
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (uncompressed):
    04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
    0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
    8f:fb:10:d4:b8
Order:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)

Okay. The domain parameters are stored in the private key part too.

Last update: 2019.

Table of Contents

 About This Book

 Geometric Introduction to Elliptic Curves

 Algebraic Introduction to Elliptic Curves

 Abelian Group and Elliptic Curves

 Discrete Logarithm Problem (DLP)

 Finite Fields

 Generators and Cyclic Subgroups

 Reduced Elliptic Curve Groups

 Elliptic Curve Subgroups

 tinyec - Python Library for ECC

EC (Elliptic Curve) Key Pair

 EC Private and Public Key Pair

 Is EC Private Key Secure

 EC Private Key Example - secp256k1

 Generate secp256k1 Keys with OpenSSL

EC Key in PEM File Format

 EC Key File with Curve Name

 Create EC Public Key File

 ECDH (Elliptic Curve Diffie-Hellman) Key Exchange

 ECDSA (Elliptic Curve Digital Signature Algorithm)

 ECES (Elliptic Curve Encryption Scheme)

 Terminology

 References

 Full Version in PDF/EPUB