Topic: Load ECC public key from DER/PEM file

Although you can load a private ECC key from a DER/PEM file, there is no such option for public keys. You can import it by having it in ANSI X9.63 format, but I don't know how to convert an openssl-generated key to this specific format.

So, I'd like to know what to do, that is:
- how to convert from DER/PEM to X9.63, or
- how to load directly from DER/PEM.

Regards

Share

Re: Load ECC public key from DER/PEM file

Typically a Public Key is retrieved from a Certificate.  How are you getting the public key?  If you have control you can specify the format.  Is this for a specific protocol?

Thanks,
-Todd

Share

Re: Load ECC public key from DER/PEM file

I'm trying to load the public key from a file generated by openssl. In this case the idea is to load the key using the website embedded in my uC-powered board and store it in a non-volatile memory. So, even though I could deal with certificates, in my case loading it directly would be much easier.

However, as I said, having a way to convert from DER/PEM to X9.63 would be enough for me.

Regards

Share

Re: Load ECC public key from DER/PEM file

How did you create the public key?  My versions of openssl ec don't have a -pubout option like the man page does online.

We'll add a feature request to input OpenSSL DER/PEM format for ECC public keys.

Thanks,
-Todd

Share

Re: Load ECC public key from DER/PEM file

In order to create the private key:
openssl ecparam -name secp160r1 -genkey -noout -out secp160r1-key.pem

With this one you get the public key based on the previous private key:
openssl ec -in secp160r1-key.pem -pubout -out secp160r1-pub-key.pem

And this is the same as the previous one, but to create the public key in der format:
openssl ec -in secp160r1-key.pem -pubout -outform DER -out secp160r1-pub-key.der

Regards

Share

Re: Load ECC public key from DER/PEM file

@mamonetti Did you find a solution for this? About how to import the key.

Thanks

Share

Re: Load ECC public key from DER/PEM file

Hi sfefanoss1019,

If you want to import an ECC key in DER format into an ecc_key structure, you will want to use the following function.  If you are importing an ECC generated by OpenSSL, you will want to compile wolfSSL with ECC_DECODE_EXTRA defined.

#include <wolfssl/wolfcrypt/asn_public.h>
int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz);

If you instead want to import an ECC key into a WOLFSSL_CTX structure, for use in an SSL/TLS connection, you can use the following function.  Again, you will need to compile wolfSSL with ECC_DECODE_EXTRA if loading an ECC key generated by OpenSSL:

#include <wolfssl/ssl.h>
int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, int format);

The "format" parameter in the above function should be either SSL_FILETYPE_PEM if the key is PEM formatted or SSL_FILETYPE_ASN1 for a DER formatted key.

Best Regards,
Chris