• Registered: 2016-08-03
  • Posts: 3

Topic: how to encrypt ecc private key with password?

i make ecc key pair.
and encode to pkcs#8 der format using wc_EccKeyToDer function.
but i want to encrypt my private key with pkcs#5.
how can i do this?

Share

  • Registered: 2016-08-03
  • Posts: 3

Re: how to encrypt ecc private key with password?

i want to like PKCS8_encrypt function in openssl.

Share

  • Registered: 2015-10-07
  • Posts: 415

Re: how to encrypt ecc private key with password?

Hi Hyunbum83,

Have a look at this article we posted a while back:
https://www.wolfssl.com/wolfSSL/Blog/En … ation.html

We support this using "wc_PKCS12_PBKDF". Enabled using ./configure --enable-pwdbased or making sure NO_PWDBASED is not defined.

Let me know if this doesn't answer your question.

Thanks, David Garske, wolfSSL

Share

  • Registered: 2016-08-03
  • Posts: 3

Re: how to encrypt ecc private key with password?

wc_PKCS12_PBKDF is only PKCS#5 password based key derivation methode...
i need to convert methode PKCS#8 private Key ->  PKCS#8 Encrypted private Key.

Share

  • Registered: 2015-10-07
  • Posts: 415

Re: how to encrypt ecc private key with password?

Hi Hyunbum83,

It looks like we support encrypting an ECC private key using the API "wolfSSL_PEM_write_mem_ECPrivateKey". However this is an openssl compatibility API layer, so you'll have to setup a "WOLFSSL_EC_KEY" object using "wolfSSL_EC_KEY_new()" and load it using "wolfSSL_EC_KEY_LoadDer".

I'm going to add a feature request to expose this without opensslextra. Curious what you are working on that requires this? It will help us prioritize this feature if we have some background on what you are working on.

Note: Using "wolfSSL_PEM_write_mem_ECPrivateKey" requires having --enable-keygen --enable-opensslextra (or WOLFSSL_KEY_GEN and OPENSSL_EXTRA defined).

Thanks,
David Garske, wolfSSL

Share