Topic: Convert generated ECC key to DER

I'd like to be able to use a self-generated key to self-sign a certificate.
It seems like the key needs to be in DER format first. Is there an ECC equivalent of the RsaKeyToDer function?

Re: Convert generated ECC key to DER

Hi,

Yes, the equivalent function for ECC keys to convert from ecc_key to DER-encoded buffer is:

int ecc_export_x963(ecc_key* key, byte* out, word32* outLen);

Where

key = input ecc_key
out = output buffer to hold DER-encoded representation of "key"
outLen = in/out variable specifying size of input buffer then size of DER-encoded key upon function success

Possible return values include:

MP_OKAY upon function success
ECC_BAD_ARG_E if invalid input arguments are given
BUFFER_E if buffer is not large enough

Best Regards,
Chris

Re: Convert generated ECC key to DER

Hi Chris,

Unfortunately, this function is not working as you expect. It will copy the ECC public key x and y values to the *out buffer. The other function that exists in the same class does the same thing for the ECC private key. After these steps, the ECC key should be converted to the DER format that is explained in RFC 5915, like below:

   ECPrivateKey ::= SEQUENCE {
     version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
     privateKey     OCTET STRING,
     parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
     publicKey  [1] BIT STRING OPTIONAL
   }

Unfortunately, I did not see any function to do that. Am I missing something?

Regards,
Melek
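
The RFC 5915 layout quoted in the post above, written out as a small standalone encoder. This is an added example, not part of the original thread and not wolfSSL code: the names der_tlv, ec_private_key_to_der and OID_PRIME256V1 are hypothetical, and the inputs are assumed to be a raw private scalar plus the X9.63 uncompressed public point.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Curve OID content bytes for prime256v1 (1.2.840.10045.3.1.7). */
const uint8_t OID_PRIME256V1[8] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};

/* Write one DER TLV (tag, definite length, value); returns bytes written. */
static size_t der_tlv(uint8_t *out, uint8_t tag, const uint8_t *val, size_t len)
{
    size_t n = 0;
    out[n++] = tag;
    if (len < 0x80) {
        out[n++] = (uint8_t)len;                     /* short form */
    } else if (len <= 0xFF) {
        out[n++] = 0x81; out[n++] = (uint8_t)len;    /* long form, 1 byte */
    } else {
        out[n++] = 0x82; out[n++] = (uint8_t)(len >> 8); out[n++] = (uint8_t)len;
    }
    memcpy(out + n, val, len);
    return n + len;
}

/* Encode an RFC 5915 ECPrivateKey. priv = raw private scalar, oid = curve OID
   content bytes, pub = X9.63 uncompressed point (0x04 || X || Y).
   Returns the DER length, or 0 if an input is oversized or out is too small. */
size_t ec_private_key_to_der(const uint8_t *priv, size_t priv_len,
                             const uint8_t *oid, size_t oid_len,
                             const uint8_t *pub, size_t pub_len,
                             uint8_t *out, size_t out_cap)
{
    static const uint8_t version[1] = { 1 };         /* ecPrivkeyVer1 */
    uint8_t body[512], tmp[256], bits[256];
    size_t n = 0, t;

    if (priv_len > 66 || oid_len > 32 || pub_len > 133) return 0;
    n += der_tlv(body + n, 0x02, version, 1);        /* version INTEGER */
    n += der_tlv(body + n, 0x04, priv, priv_len);    /* privateKey OCTET STRING */
    t = der_tlv(tmp, 0x06, oid, oid_len);            /* NamedCurve OID */
    n += der_tlv(body + n, 0xA0, tmp, t);            /* parameters [0] */
    bits[0] = 0x00;                                  /* BIT STRING: 0 unused bits */
    memcpy(bits + 1, pub, pub_len);
    t = der_tlv(tmp, 0x03, bits, pub_len + 1);       /* BIT STRING */
    n += der_tlv(body + n, 0xA1, tmp, t);            /* publicKey [1] */
    /* Outer SEQUENCE header is at most 4 bytes; body holds the private scalar,
       so wipe it through a volatile pointer before returning. */
    t = (n + 4 <= out_cap) ? der_tlv(out, 0x30, body, n) : 0;
    for (volatile uint8_t *p = body; p < body + sizeof body; p++) *p = 0;
    return t;
}
```

For a P-256 key the result is 121 bytes; the caller's output buffer still contains the private key and should be wiped once the DER has been written out or consumed.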

Re: Convert generated ECC key to DER

Hi Melek,

Yes, thanks for correcting me.  You are right - the ecc_export_x963() function exports the ECC key to X9.63 format, not DER.  wolfSSL embedded SSL doesn't currently have a function to export the generated key to DER.

Regards,
Chris

Re: Convert generated ECC key to DER

Hi Melek,

We just added a function to wolfSSL which converts an ecc_key to DER format:

int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)

You can grab our latest code from GitHub, here: https://github.com/wolfSSL/wolfssl

This change was added with the following commit:

https://github.com/cyassl/cyassl/commit … f524f0bf94

Best Regards,
Chris

Re: Convert generated ECC key to DER

Hi Chris,

It is wonderful news, I was in the middle of the implementation :)

Regards,
Melek

Re: Convert generated ECC key to DER

Hi Chris,

I have tried this function "EccKeyToDer" and it works as I expected.

But on the other hand, is there any function that could parse the public key and private key from a DER file?

Best Regards,
Marcus

Re: Convert generated ECC key to DER

Hi Marcus,

We have a couple of different functions in <cyassl/ctaocrypt/ecc.h> that can be used for reading in public and/or private keys:

/* import public ECC key in ANSI X9.63 format */
int ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);

/* ecc private key import, public key in ANSI X9.63 format, private raw */
int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key);

/* Import raw ECC key */
int ecc_import_raw(ecc_key* key, const char* qx, const char* qy, const char* d, const char* curveName);

Best Regards,
Chris