OpenSSL "pkey" - Open Encrypted EC Keys

Q

How to open an encrypted EC key file using OpenSSL "pkey" command? I was told the key file is DES encrypted and I know the password.

✍: FYIcenter.com

A

If you are trying to open a password (encrypted) EC key file using the "pkey" command, you will be prompted for the password as shown below:

C:\Users\fyicenter>\local\openssl\openssl

OpenSSL> pkey -in my_ec_des.key -text -noout
Enter pass phrase for my_ec_des.key: noidea
unable to load key
15924:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad 
   decrypt:.\crypto\evp\evp_enc.c:529:
15924:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal 
   error:.\crypto\pkcs12\p12_decr.c:108:
15924:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe 
   crypt error:.\crypto\pkcs12\p12_decr.c:139:
15924:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 
   lib:.\crypto\pem\pem_pkey.c:141:
error in pkey

OpenSSL> pkey -in my_ec_des.key -text -noout
Enter pass phrase for my_ec_des.key: fyicenter
Private-Key: (112 bit)
priv:
    31:b2:99:6b:d4:e6:be:95:68:54:9b:43:f0:c1
pub:
    04:56:3d:bb:e9:c1:a0:41:c0:a4:8d:2a:ce:43:e6:
    9b:4a:ae:fd:66:57:32:f9:5a:63:52:60:7b:71
Field Type: prime-field
Prime:
    00:db:7c:2a:bf:62:e3:5e:66:80:76:be:ad:20:8b
A:
    00:db:7c:2a:bf:62:e3:5e:66:80:76:be:ad:20:88
B:
    65:9e:f8:ba:04:39:16:ee:de:89:11:70:2b:22
Generator (uncompressed):
    04:09:48:72:39:99:5a:5e:e7:6b:55:f9:c2:f0:98:
    a8:9c:e5:af:87:24:c0:a2:3e:0e:0f:f7:75:00
Order:
    00:db:7c:2a:bf:62:e3:5e:76:28:df:ac:65:61:c5
Cofactor:  1 (0x1)
Seed:
    00:f5:0b:02:8e:4d:69:6e:67:68:75:61:51:75:29:
    04:72:78:3f:b1

Options used in this command are:

  • "-in my_ec_des.key" - Read the EC private key file.
  • "-text" - Print content of the key in text format.
  • "-noout" - Do not include the key in the output.
  • "noidea" - The incorrect password of the key file. You get errors.
  • "fyicenter" - The correct password of the key file.

 

OpenSSL "pkey -aes*" - Re-Encrypt EC Keys

OpenSSL "genpkey -des" - DES Encrypt EC Keys

OpenSSL "genpkey" Command for EC Keys

⇑⇑ OpenSSL Tutorials

2017-06-16, 3712🔥, 0💬