OpenSSL "asn1parse" - DH Private Key in ASN.1 Structure

Q

How do I view the ASN.1 structure of a DH private key using the OpenSSL "asn1parse" command?

✍: FYIcenter.com

A

You can use the OpenSSL "asn1parse" command to view the ASN.1 structure of a DH private key, as shown in the test below:

C:\Users\fyicenter>\local\openssl\openssl genpkey -genparam -algorithm dh -out dh_test.prm -pkeyopt dh_paramgen_prime_len:256
............+....+...................+.+............+.....+.......+..++*++*++*++*++*++*++*++*++*++*++*++*

C:\Users\fyicenter>\local\openssl\openssl genpkey -paramfile dh_test.prm -out dh_pri.key

C:\Users\fyicenter>\local\openssl\openssl asn1parse -in dh_pri.key -i
    0:d=0  hl=2 l=  92 cons: SEQUENCE
    2:d=1  hl=2 l=   1 prim:  INTEGER           :00
    5:d=1  hl=2 l=  51 cons:  SEQUENCE
    7:d=2  hl=2 l=   9 prim:   OBJECT            :dhKeyAgreement
   18:d=2  hl=2 l=  38 cons:   SEQUENCE
   20:d=3  hl=2 l=  33 prim:    INTEGER           :8B58E1395DF5CF48DA87B088C6525EFF4AECBDA5C269EF2378A31A4A62B1647B
   55:d=3  hl=2 l=   1 prim:    INTEGER           :02
   58:d=1  hl=2 l=  34 prim:  OCTET STRING      [HEX DUMP]:02204233D0A221A766BA2CE0492F2B8F6A822BE38CF33E3A6850C806C6031D78457E

C:\Users\fyicenter>\local\openssl\openssl asn1parse -in dh_pri.key -strparse 58
    0:d=0  hl=2 l=  32 prim: INTEGER           :4233D0A221A766BA2CE0492F2B8F6A822BE38CF33E3A6850C806C6031D78457E

C:\Users\fyicenter>\local\openssl\openssl pkey -in dh_pri.key -text -noout
DH Private-Key: (256 bit)
    private-key:
        42:33:d0:a2:21:a7:66:ba:2c:e0:49:2f:2b:8f:6a:
        82:2b:e3:8c:f3:3e:3a:68:50:c8:06:c6:03:1d:78:
        45:7e
    public-key:
        4c:c9:c9:4c:eb:5b:13:f2:b4:b3:ab:b9:f2:0c:b8:
        30:ff:c3:bb:5d:c6:42:8c:08:b1:8c:f3:e5:30:19:
        08:ad
    prime:
        00:8b:58:e1:39:5d:f5:cf:48:da:87:b0:88:c6:52:
        5e:ff:4a:ec:bd:a5:c2:69:ef:23:78:a3:1a:4a:62:
        b1:64:7b
    generator: 2 (0x2)

Note about the test:

  • A DH private key is stored in a 3-level ASN.1 SEQUENCE structure (the PKCS#8 PrivateKeyInfo layout).
  • The top level SEQUENCE contains an INTEGER indicating the format version (0x00), the middle level SEQUENCE, and an OCTET STRING.
  • The middle level SEQUENCE contains an OID identifying the DH algorithm (dhKeyAgreement) and the lower level SEQUENCE.
  • The lower level SEQUENCE contains 2 INTEGER fields for the DH parameters: the prime p and the generator g.
  • The OCTET STRING wraps a nested DER INTEGER holding the private integer x; "-strparse 58" parses the contents of that OCTET STRING at offset 58 to reveal it.
  • The public integer is not stored. OpenSSL recalculates it from the private integer and the parameters as y = g^x mod p when the key is loaded, which is why "pkey -text" can still print a public-key value.
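To make the layout in the notes concrete, here is an added example (not code from the FYIcenter page or from OpenSSL): a minimal DER encoder and walker in plain Python for exactly the PrivateKeyInfo structure that asn1parse printed above. The input bytes are reconstructed from the p, g and x values shown on the page, so the script runs offline with the standard library only; the offsets it checks (5 for the algorithm SEQUENCE, 58 for the OCTET STRING) are the ones asn1parse reported. Function names and the OID constant are this example's own.

```python
"""Added example: encode, then walk, the PKCS#8 DER layout of a DH private key.
Values below are the ones printed by "openssl pkey -text" on the page."""

PAGE_P = 0x8B58E1395DF5CF48DA87B088C6525EFF4AECBDA5C269EF2378A31A4A62B1647B
PAGE_G = 2
PAGE_X = 0x4233D0A221A766BA2CE0492F2B8F6A822BE38CF33E3A6850C806C6031D78457E
# public-key value printed by "openssl pkey -text" on the page
PAGE_Y = 0x4CC9C94CEB5B13F2B4B3ABB9F20CB830FFC3BB5DC6428C08B18CF3E5301908AD

# dhKeyAgreement, the OID asn1parse names at offset 7 (PKCS#3)
OID_DH_KEY_AGREEMENT = "1.2.840.113549.1.3.1"


def der_len(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def der_int(value):
    # Minimal two's-complement encoding: a leading 0x00 byte appears only when
    # the top bit is set, which is why p (0x8B...) is 33 bytes and x is 32.
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return tlv(0x02, body)


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))


def encode_dh_private_key(p, g, x):
    """SEQUENCE { INTEGER 0, SEQUENCE { OID, SEQUENCE { p, g } }, OCTET STRING { INTEGER x } }"""
    params = tlv(0x30, der_int(p) + der_int(g))
    alg_id = tlv(0x30, der_oid(OID_DH_KEY_AGREEMENT) + params)
    private = tlv(0x04, der_int(x))  # the OCTET STRING wraps a nested DER INTEGER
    return tlv(0x30, der_int(0) + alg_id + private)


def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, position after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_dh_private_key(der):
    """Walk the three SEQUENCE levels and unwrap the OCTET STRING, like '-strparse 58'."""
    tag, top, _ = read_tlv(der)
    assert tag == 0x30, "outer element must be a SEQUENCE"
    tag, ver, pos = read_tlv(top)
    assert tag == 0x02, "version must be an INTEGER"
    tag, alg, pos = read_tlv(top, pos)
    assert tag == 0x30, "AlgorithmIdentifier must be a SEQUENCE"
    tag, oid, apos = read_tlv(alg)
    assert tag == 0x06, "algorithm must be an OID"
    _, params, _ = read_tlv(alg, apos)
    _, p_bytes, ppos = read_tlv(params)
    _, g_bytes, _ = read_tlv(params, ppos)
    tag, octets, _ = read_tlv(top, pos)
    assert tag == 0x04, "private key must be an OCTET STRING"
    tag, x_bytes, _ = read_tlv(octets)  # the INTEGER hidden inside the OCTET STRING
    assert tag == 0x02, "OCTET STRING must wrap an INTEGER"
    return {"version": int.from_bytes(ver, "big"), "oid": decode_oid(oid),
            "p": int.from_bytes(p_bytes, "big"), "g": int.from_bytes(g_bytes, "big"),
            "x": int.from_bytes(x_bytes, "big")}


def public_value(p, g, x):
    """What OpenSSL recomputes on load, since y is not stored in the file."""
    return pow(g, x, p)


def public_matches_page():
    """True if y recomputed from the page's p, g, x equals the public-key the page prints."""
    return public_value(PAGE_P, PAGE_G, PAGE_X) == PAGE_Y


if __name__ == "__main__":
    der = encode_dh_private_key(PAGE_P, PAGE_G, PAGE_X)
    print(len(der), "bytes; OCTET STRING tag at offset 58:", hex(der[58]))
    print(parse_dh_private_key(der))
    print("recomputed public value matches page:", public_matches_page())
```

Because OpenSSL derives y = g^x mod p on load, anything that can read this file holds the whole keypair; the OCTET STRING at offset 58 is the only secret in it, and a leaked copy of `dh_pri.key` cannot be detected from the parameters alone, which are public by design.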


2016-09-26