
OpenSSL ECDSA: private key passphrase

I am new to OpenSSL. I have generated a private key myprivatekey.pem and a public key mypublickey.pem with:

openssl ecparam -genkey -name secp160k1 -noout -out myprivatekey.pem

and my public key with:

openssl ec -in myprivatekey.pem -pubout -out mypublickey.pem

What I want to do next is to encrypt my ECDSA private key with a passphrase and make a certification request for my public key. Thank you for your help.

elpazio asked May 01 '16 16:05




1 Answer

It would seem that ecparam doesn't have a built-in option for encrypting the generated key. Instead, you can simply do the following:

openssl ec -in myprivatekey.pem -out myprivatekey_encrypted.pem -aes256

Compared to genrsa, an extra step is required, but this basically does the same thing.


Now as far as the certificate request, the command is pretty much the same regardless of the type of private key used:

openssl req -new -sha256 -key myprivatekey.pem -out mycertrequest.pem

You can then take the resulting mycertrequest.pem and send it to a CA for signing.


Edit:

If you have concerns about writing the unencrypted private key to disk, you can do both the generation and encryption of the key in one step like so:

openssl ecparam -genkey -name secp256k1 | openssl ec -aes256 -out privatekey.pem

This generates a P-256 key, then prompts you for a passphrase. The key is then encrypted using AES256 and saved into privatekey.pem.

AfroThundr answered Oct 18 '22 15:10
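
The answer's steps run without prompts and with checks on the result, as an added example that is not part of the original answer. The `KEYPASS` variable, the `/CN=example.test` subject, the function names and the `prime256v1` default curve are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: encrypted EC key plus CSR, non-interactive, with self-checks.
# Assumptions (not from the original post): the KEYPASS variable name, the
# "/CN=example.test" subject and the prime256v1 default are illustrative.
# prime256v1 is OpenSSL's name for NIST P-256; secp256k1 is a different curve.
# Usage: export KEYPASS (e.g. read from a prompt), then: make_key_and_csr DIR

make_key_and_csr() {
    dir=$1; curve=${2:-prime256v1}
    key="$dir/privatekey.pem"; csr="$dir/mycertrequest.pem"
    [ -n "$KEYPASS" ] || { echo "KEYPASS not set" >&2; return 1; }
    export KEYPASS
    (
        umask 077   # key file readable by its owner only
        # Generate and encrypt in one pipeline: the plaintext key never
        # reaches disk. env: keeps the passphrase out of the argument list.
        openssl ecparam -genkey -name "$curve" -noout |
            openssl ec -aes256 -passout env:KEYPASS -out "$key" 2>/dev/null
    ) || return 1
    # The CSR is signed with the encrypted key, so req needs the passphrase.
    openssl req -new -sha256 -key "$key" -passin env:KEYPASS \
        -subj "/CN=example.test" -out "$csr" || return 1
}

# True if the PEM file is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# True if the passphrase given as $2 decrypts the key file $1.
passphrase_opens_key() {
    KEYPASS=$2 openssl ec -in "$1" -passin env:KEYPASS -noout 2>/dev/null
}

# True if the CSR ($2) carries the public half of the private key ($1).
csr_matches_key() {
    want=$(openssl ec -in "$1" -passin env:KEYPASS -pubout 2>/dev/null)
    got=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$want" ] && [ "$want" = "$got" ]
}
```

Passing the passphrase through `env:` rather than `pass:` keeps it out of `ps` output and shell history; `file:` or the interactive prompt serve the same purpose.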