get x and y components of ec public key using openssl
I am generating a KeyPair for ECC from curve 'secp128r1' using openssl
Steps I followed:
- first I generated a private key using the command
  openssl ecparam -genkey -name secp128r1 -noout -out private.pem
- then I viewed the corresponding public key using the command
  openssl ec -in private.pem -text -noout
  which showed an output as:
read EC key
Private-Key: (128 bit)
priv:
00:9f:bf:2b:bd:06:86:3a:a1:bc:7c:3e:90:57:40:
f4:bc
pub:
04:04:ce:24:34:d4:cb:f2:58:94:2f:8a:5f:06:d7:
3f:ed:5a:50:ef:fb:cc:b7:49:62:16:62:9e:aa:d5:
30:a8:a5
ASN1 OID: secp128r1
I explicitly want the x and y components from the public key generated here; can anyone please suggest the correct way of doing this?
The above public key is 264 bits long, hence cannot take(/split) it as is
Thanks
First of all, secp128r1 is outdated. Use curves that give better security for today's standard. See safecurves by Daniel J. Bernstein and Tanja Lange.
An Elliptic Curve is defined over a field of size q and every element -point- has two coordinates X and Y. The Elliptic Curve Secp128r1 has 2^128-2^97-1 size ℓ, i.e. number of points a little under 2^128. This means that we need 128-bit representation.
The public key, which is also a point on the curve, has two coordinates; therefore, we need to store two 128-bit values.
If we look at the equation of the elliptic curve Y^2 = X^3 + aX + b where
a = FFFFFFFD FFFFFFFF FFFFFFFF FFFFFF
b = E87579C1 1079F43D D824993C 2CEE5E
if we know X from the equation we can find Y. Since we are working in a field the Y can have at most two square roots. Y^2 will have y or -y as the square root. This knowledge can be used to compress the representation of a point and it is called point compression. Just x coordinate and one bit to select y or -y. Now look at the base point (see Certicom recommendation)
base point = 03 161FF752 8B899B2D 0C28607C A52C5B86
= 04 161FF752 8B899B2D 0C28607C A52C5B86 CF5AC839 5BAFEB13 C02DA292 DDED7A83
The first octet determines the structure
- 04 means there is no compression
- 03 means there is a compression and select y as positive
- 02 means there is a compression and select y as negative
Now turn to OP's parameters:
pub: 04:
     04:ce:24:34:d4:cb:f2:58:94:2f:8a:5f:06:d7:3f:ed: -->X
     5a:50:ef:fb:cc:b7:49:62:16:62:9e:aa:d5:30:a8:a5 -->Y
The first octet 04 means there is no compression. The first line is the X coordinate and the second line is the Y coordinate of your public key.
What about the private key n? It is just a scalar -integer- between 0<=n<=ℓ
priv: 00:9f:bf:2b:bd:06:86:3a:a1:bc:7c:3e:90:57:40:f4:bc
Therefore, the above number - not point - is your private key.
You can also use some web tools to extract this information.
- 8gwifi.org - Crypto Playground
Note: please don't expose your private key.
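The split described in the answer can be scripted locally instead of pasting key material into a web tool. This is an added example, not part of the answer above and not OpenSSL's own code; `pub_hex` and `split_point` are hypothetical helper names, and the sample input is the output quoted in the question. It goes slightly beyond the uncompressed case and also reads the compressed prefixes, which in SEC 1 carry the parity of y.

```shell
# Sample input: the `openssl ec -text -noout` output quoted in the question.
SAMPLE='Private-Key: (128 bit)
priv:
    00:9f:bf:2b:bd:06:86:3a:a1:bc:7c:3e:90:57:40:
    f4:bc
pub:
    04:04:ce:24:34:d4:cb:f2:58:94:2f:8a:5f:06:d7:
    3f:ed:5a:50:ef:fb:cc:b7:49:62:16:62:9e:aa:d5:
    30:a8:a5
ASN1 OID: secp128r1'

# pub_hex (hypothetical helper): read the text dump on stdin and print the
# pub: block as one lowercase hex string, colons and whitespace removed.
pub_hex() {
  awk '
    /^pub:/ { grab = 1; next }
    grab && /^[ \t]*[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])*:?[ \t]*$/ {
      gsub(/[ \t:]/, ""); out = out $0; next
    }
    grab { grab = 0 }   # first non-hex line ends the block
    END { print tolower(out) }
  '
}

# split_point (hypothetical helper): decode a SEC 1 encoded point given as hex.
split_point() (
  hex=$1
  case $hex in ''|*[!0-9a-f]*) echo "not lowercase hex" >&2; exit 1 ;; esac
  prefix=$(printf '%s' "$hex" | cut -c1-2)
  body=$(printf '%s' "$hex" | cut -c3-)
  n=${#body}
  case $prefix in
    04) # uncompressed: 04 || X || Y, both coordinates the same length
      [ "$n" -gt 0 ] && [ $((n % 4)) -eq 0 ] || { echo "bad X/Y length" >&2; exit 1; }
      half=$((n / 2))
      printf 'x=%s\n' "$(printf '%s' "$body" | cut -c1-"$half")"
      printf 'y=%s\n' "$(printf '%s' "$body" | cut -c$((half + 1))-)"
      ;;
    02|03) # compressed: X only; SEC 1 uses 02 for even y, 03 for odd y
      [ "$n" -gt 0 ] && [ $((n % 2)) -eq 0 ] || { echo "bad X length" >&2; exit 1; }
      [ "$prefix" = 02 ] && parity=even || parity=odd
      printf 'x=%s\ny_parity=%s\n' "$body" "$parity"
      ;;
    *) echo "unsupported point prefix: $prefix" >&2; exit 1 ;;
  esac
)

split_point "$(printf '%s\n' "$SAMPLE" | pub_hex)"
```

With a real key, pipe the public half only: `openssl ec -in private.pem -pubout | openssl ec -pubin -text -noout | pub_hex`.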