- Advanced Blockchain Development
- Imran Bashir Narayan Prusty
- 394字
- 2021-06-24 14:04:59
Private key generation
To generate the private key, execute the following command:
$ openssl ecparam -name secp256k1 -genkey -noout -out ec-privatekey.pem $ cat ec-privatekey.pem -----BEGIN EC PRIVATE KEY----- MHQCAQEEIJHUIm9NZAgfpUrSxUk/iINq1ghM/ewn/RLNreuR52h/oAcGBSuBBAAK oUQDQgAE0G33mCZ4PKbg5EtwQjk6ucv9Qc9DTr8JdcGXYGxHdzr0Jt1NInaYE0GG
ChFMT5pK+wfvSLkYl5ul0oczwWKjng== -----END EC PRIVATE KEY-----
The file named ec-privatekey.pem now contains the Elliptic Curve (EC) private key that is generated based on the secp256k1 curve. In order to generate a public key from a private key, issue the following command:
$ openssl ec -in ec-privatekey.pem -pubout -out ec-pubkey.pem read EC key writing EC key
Reading the file produces the following output, displaying the generated public key:
$ cat ec-pubkey.pem -----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE0G33mCZ4PKbg5EtwQjk6ucv9Qc9DTr8J dcGXYGxHdzr0Jt1NInaYE0GGChFMT5pK+wfvSLkYl5ul0oczwWKjng== -----END PUBLIC KEY-----
Now the ec-pubkey.pem file contains the public key derived from ec-privatekey.pem. The private key can be further explored using the following command:
$ openssl ec -in ec-privatekey.pem -text -noout read EC key Private-Key: (256 bit)
priv: 00:91:d4:22:6f:4d:64:08:1f:a5:4a:d2:c5:49:3f: 88:83:6a:d6:08:4c:fd:ec:27:fd:12:cd:ad:eb:91:
e7:68:7f pub: 04:d0:6d:f7:98:26:78:3c:a6:e0:e4:4b:70:42:39: 3a:b9:cb:fd:41:cf:43:4e:bf:09:75:c1:97:60:6c: 47:77:3a:f4:26:dd:4d:22:76:98:13:41:86:0a:11: 4c:4f:9a:4a:fb:07:ef:48:b9:18:97:9b:a5:d2:87: 33:c1:62:a3:9e ASN1 OID: secp256k1
Similarly, the public key can be further explored with the following command:
$ openssl ec -in ec-pubkey.pem -pubin -text -noout read EC key Private-Key: (256 bit)
pub: 04:d0:6d:f7:98:26:78:3c:a6:e0:e4:4b:70:42:39: 3a:b9:cb:fd:41:cf:43:4e:bf:09:75:c1:97:60:6c: 47:77:3a:f4:26:dd:4d:22:76:98:13:41:86:0a:11: 4c:4f:9a:4a:fb:07:ef:48:b9:18:97:9b:a5:d2:87: 33:c1:62:a3:9e ASN1 OID: secp256k1
It is also possible to generate a file with the required parameters, in this case, secp256k1, and then explore it further to understand the underlying parameters:
$ openssl ecparam -name secp256k1 -out secp256k1.pem $ cat secp256k1.pem -----BEGIN EC PARAMETERS----- BgUrgQQACg== -----END EC PARAMETERS-----
The file now contains all the secp256k1 parameters, and it can be analyzed using the following command:
$ openssl ecparam -in secp256k1.pem -text -param_enc explicit -noout
This command will produce the output similar to the one shown here:
Field Type: prime-field
Prime: 00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
ff:fc:2f A: 0 B: 7 (0x7) Generator (uncompressed):
04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87: 0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16: f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc: 0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0: 8f:fb:10:d4:b8
Order: 00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0: 36:41:41 Cofactor: 1 (0x1)
The preceding example shows the prime number used and values of A and B, with the generator, order, and cofactor of the secp256k1 curve domain parameters.
With the preceding example, our introduction to public key cryptography from encryption and decryption perspective is complete. Other relevant constructs like digital signatures will be discussed later in the chapter.
In the next section, we will look at another category of cryptographic primitives, hash functions. Hash functions are not used to encrypt data; instead, they produce a fixed-length digest of the data that is provided as input to the hash function.