OpenSSL "genpkey -paramfile" - Generate EC Key

Q

How to generate a new EC private key using OpenSSL "genpkey" command?

✍: FYIcenter.com

A

If you need a new EC private key in order to create a new certificate, you can use the OpenSSL "genpkey" command as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> genpkey -paramfile my_ec.prm -out my_ec.key
OpenSSL> exit

C:\Users\fyicenter>type my_ec.key
-----BEGIN PRIVATE KEY-----
MIHWAgEAMIGXBgcqhkjOPQIBMIGLAgEBMBoGByqGSM49AQECDwDbfCq/YuNeZoB2
vq0gizA3BA7bfCq/YuNeZoB2vq0giAQOZZ74ugQ5Fu7eiRFwKyIDFQAA9QsCjk1p
bmdodWFRdSkEcng/sQQdBAlIcjmZWl7na1X5wvCYqJzlr4ckwKI+Dg/3dQACDwDb
fCq/YuNedijfrGVhxQIBAQQ3MDUCAQEEDr7sZMQ+Isr8SP8PBKHsoSADHgAEyrdr
poWlC1qjufDpkDCzLAspBOHKK/30U4gNnQ==
-----END PRIVATE KEY-----

Note about this test:

  • You don't need to specify "-algorighm ec", because the EC parameter file is provided by the "-paramfile my_ec.prm" option.
  • The output is labeled as private key. But it actually contains two parts, a private key and a matching public key, as a key pair for encryption and decryption.
  • The output is not password protected, which is not recommended. Private keys must be kept private with a password.

 

OpenSSL "genpkey" Command for EC Keys

⇒⇒OpenSSL Tutorials

2017-08-08, 402👍, 0💬