OpenSSL "genpkey -paramfile" - Generate EC Key

Q

How to generate a new EC private key using OpenSSL "genpkey" command?

✍: FYIcenter.com

A

If you need a new EC private key in order to create a new certificate, you can use the OpenSSL "genpkey" command as shown below: 

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> genpkey -paramfile my_ec.prm -out my_ec.key
OpenSSL> exit

C:\Users\fyicenter>type my_ec.key
-----BEGIN PRIVATE KEY-----
MIHWAgEAMIGXBgcqhkjOPQIBMIGLAgEBMBoGByqGSM49AQECDwDbfCq/YuNeZoB2
vq0gizA3BA7bfCq/YuNeZoB2vq0giAQOZZ74ugQ5Fu7eiRFwKyIDFQAA9QsCjk1p
bmdodWFRdSkEcng/sQQdBAlIcjmZWl7na1X5wvCYqJzlr4ckwKI+Dg/3dQACDwDb
fCq/YuNedijfrGVhxQIBAQQ3MDUCAQEEDr7sZMQ+Isr8SP8PBKHsoSADHgAEyrdr
poWlC1qjufDpkDCzLAspBOHKK/30U4gNnQ==
-----END PRIVATE KEY-----

Note about this test:

  • You don't need to specify "-algorighm ec", because the EC parameter file is provided by the "-paramfile my_ec.prm" option.
  • The output is labeled as private key. But it actually contains two parts, a private key and a matching public key, as a key pair for encryption and decryption.
  • The output is not password protected, which is not recommended. Private keys must be kept private with a password.

 

OpenSSL "genpkey" Command for EC Keys

⇒⇒OpenSSL Tutorials

2017-08-08, 768👍, 0💬

Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Mozilla CertUtil OpenSSL Other Portecle Public Private Key Publishers Revoked Certificates Root CA Tools Tutorial What Is Windows