这个也值得参考下:openssl rsa/pkey(查看私钥、从私钥中提取公钥、查看公钥)
本文使用的openssl版本:
[vagrant@vm-node1:tmp]$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
bitcoin中的密钥综述
关于bitcon中使用的椭圆曲线加密体制的一些事实:
- 私钥长度
32bytes - 公钥长度
64bytes (未压缩形式)或者32bytes(压缩形式)+ 1byte(前缀) - 椭圆曲线C是
secp256k1曲线 - 椭圆曲线加密体制基于
模运算
在本文中,我们唯一的输入就是私钥。公钥可以唯一地从私钥推导而来。我们先使用openssl命令行生成一个密钥对样例,然后再尝试编写C语言代码进行同样的操作。
在OpenSSL命令行中生成
私钥
一个私钥是一个随机选取的32 bytes的数字,并且我们都知道32 bytes存储的数字可以转换成为一个非常大的数值,最大可以达到2256。去猜测这样一个数字是很荒谬的,因此可以认为它的生成具有很高的随机性。
得到一个全新的私钥是非常容易的:
$ openssl ecparam -name secp256k1 -genkey -out ec-priv.pem
生成的结果文件ec-prive.pem中包含了曲线名称(secp256k1)和私钥,它们连同一些其它字符一起被base64编码。
这个文件可以被快速解码为可读的16进制形式:
openssl ec -in ec-priv.pem -text -noout
以下是我所生成的密钥对形式(你生成的与我的不相同):
read EC key
Private-Key: (256 bit)
priv:
16:26:07:83:e4:0b:16:73:16:73:62:2a:c8:a5:b0:
45:fc:3e:a4:af:70:f7:27:f3:f9:e9:2b:dd:3a:1d:
dc:42
pub:
04:82:00:6e:93:98:a6:98:6e:da:61:fe:91:67:4c:
3a:10:8c:39:94:75:bf:1e:73:8f:19:df:c2:db:11:
db:1d:28:13:0c:6b:3b:28:ae:f9:a9:c7:e7:14:3d:
ac:6c:f1:2c:09:b8:44:4d:b6:16:79:ab:b1:d8:6f:
85:c0:38:a5:8c
ASN1 OID: secp256k1
其中私钥被显示为这样的形式会更直观:
16 26 07 83 e4 0b 16 73
16 73 62 2a c8 a5 b0 45
fc 3e a4 af 70 f7 27 f3
f9 e9 2b dd 3a 1d dc 42
这个私钥代表着你的身份,必须安全地将它保存。也就是说,如果这不是我用来举例的而生成的私钥,我不会将它分享给任何人。我们会用这个私钥来签名我们的信息,这样的话所有人就会相信这个信息确实是我本人发出的。如果其他人窃取了你的私钥,他将能够伪造你的身份。在bitcoin中,他就能够拿走你所有的钱。一定要当心!
公钥
默认情况下,一个公钥是由两个 32bytes 的大数组成,这种就是所谓的未压缩形式。这两个数字代表着二维坐标系上,secp256k1椭圆曲线上的一个点(x,y),它是符合以下方程的:
y2 = x3 + 7
这个点的坐标是由私钥决定的,但是反之,从点的坐标推断私钥是不可行的。毕竟,这就是椭圆曲线加密算法安全性的保障。根据依赖特性,结合上述方程和一个x值,可以计算得到一个对应的y值。事实上,压缩形式的公钥就是根据这个原理将y值省略掉来节省空间的。
我们可以将上述密钥对中的公钥部分取出,存储到一个叫做ec-pub.pem的外部文件中:
$ openssl ec -in ec-priv.pem -pubout -out ec-pub.pem
接着将它解码:
$ openssl ec -in ec-pub.pem -pubin -text -noout
未包含私钥部分的文本形式就会显示出来:
read EC key
Private-Key: (256 bit)
pub:
04:82:00:6e:93:98:a6:98:6e:da:61:fe:91:67:4c:
3a:10:8c:39:94:75:bf:1e:73:8f:19:df:c2:db:11:
db:1d:28:13:0c:6b:3b:28:ae:f9:a9:c7:e7:14:3d:
ac:6c:f1:2c:09:b8:44:4d:b6:16:79:ab:b1:d8:6f:
85:c0:38:a5:8c
ASN1 OID: secp256k1
一个更加直观的版本:
04
82 00 6e 93 98 a6 98 6e
da 61 fe 91 67 4c 3a 10
8c 39 94 75 bf 1e 73 8f
19 df c2 db 11 db 1d 28
13 0c 6b 3b 28 ae f9 a9
c7 e7 14 3d ac 6c f1 2c
09 b8 44 4d b6 16 79 ab
b1 d8 6f 85 c0 38 a5 8c
这个未压缩的版本包含了65个字节:
- 一个不变的
04前缀 - 32 bytes 的 x 坐标
- 32 bytes 的 y 坐标
很容易就可以将它转换为压缩形式。我们只需省略掉y并改掉它的前缀。这个新前缀是根据y来决定的:前缀是 02表示y是偶数值,前缀是 03表示y是奇数值。
通过:
$ openssl ec -in ec-pub.pem -pubin -text -noout -conv_form compressed
命令行中显示:
read EC key
Private-Key: (256 bit)
pub:
02:82:00:6e:93:98:a6:98:6e:da:61:fe:91:67:4c:
3a:10:8c:39:94:75:bf:1e:73:8f:19:df:c2:db:11:
db:1d:28
ASN1 OID: secp256k1
结论, 压缩形式占据33bytes:
- 一个
02或03的前缀 - 32bytes 的 x 坐标
从代码中生成
(注:原文作者的 repository)
密钥对的产生过程是冗长的,然而使用OpenSSL来完成却不难。我ec.h中声明了一个帮助函数,原型如下:
EC_KEY *bbp_ec_new_keypair(const uint8_t *priv_bytes);
我们来一起分析一下原文中的部分代码,一些OpenSSL中的数据结构如下:
- BN_CTX, BIGNUM
- EC_KEY
- EC_GROUP, EC_POINT
前两个结构体属于OpenSSL的任意精度算数(大数)部分,因为我们需要处理非常大的数字。EC_KEY可以是一个完整的密钥对或者是一个单独的公钥。EC_GROUP和EC_POINT帮助我们根据私钥来计算公钥。
最重要的部分,我们初始化了一个EC_KEY结构来存储一对密钥对:
key = EC_KEY_new_by_curve_name(NID_secp256k1);
填充私钥是很容易的,但是需要一个过渡过程。再将要输入的priv_bytes填入密钥对之前,我们需要将它转换为BIGNUM,在这里命名为priv。
BN_init(&priv);
BN_bin2bn(priv_bytes, 32, &priv);
EC_KEY_set_private_key(key, &priv);
对于复杂的大数操作,OpenSSL需要一个上下文环境,这就是BN_CTX需要被创建的原因。公钥的推导需要一个深层次的数学理解,而这并不是这篇文章所要达到的目标。简单来说,就是我们在曲线上定位一个固定的点G(generator, 代码中的group), 然后乘以标量私钥n,而这是一个在模运算中不可逆的过程。它的结果P = n * G就是第二个点,公钥pub。最终,公钥被载入到密钥对中:
ctx = BN_CTX_new();
BN_CTX_start(ctx);
group = EC_KEY_get0_group(key);
pub = EC_POINT_new(group);
EC_POINT_mul(group, pub, &priv, NULL, NULL, ctx);
EC_KEY_set_public_key(key, pub);
最后时刻,我们要在ex-ec-keypair.c测试密钥对。我们期待如果给定一个固定的私钥,通过代码产生的结果和命令行中产生的结果相同。
参数说明如下,源于这里:
ecparam:EC参数设置以及生成命令-genkey:使用特定参数生成EC私钥-name:ec参数,可以使用openssl ecparam -list_curves查看,这里用的是secp256k1-out:输出文件名ec:EC密钥处理命令-in:输入文件-pubout:默认情况下会输出私钥,加上该选项会变成输出公钥(如果输入是公钥的情况下该参数会自动设置)
1、随机生成私钥:
[vagrant@vm-node1:tmp]$ openssl ecparam -name secp256k1 -genkey -out priv.pem
[vagrant@vm-node1:tmp]$ cat priv.pem
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEINV1mnAAudnUqNHMMjXbp4vg9iXqRLpVBPBpiUbTGg3+oAcGBSuBBAAK
oUQDQgAE2rIg5T7Xx7T1eSb2I51HhozqErhGAudO/ZiFXoSEUcCDP8cr4bYmPR/U
hy5NGXJ2Veo5c1bvjN0FE3jHcZS1Ag==
-----END EC PRIVATE KEY-----
下面这个生成了一个新的私钥文件,只是加了一个-noout ,noout的作用是:Do not print the ec parameter,不会输出ec参数
[vagrant@vm-node1:tmp]$ openssl ecparam -name secp256k1 -genkey -out priv.pem1 -noout
[vagrant@vm-node1:tmp]$ cat priv.pem1
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIBCS7v5f/WxIqaYd5GIZ6wKgEhWZ/IZ0tOYV7HaT6X1+oAcGBSuBBAAK
oUQDQgAEeiuuMCch7ACNkOVSKkUX4znJowtGOeWmluf0lWjd7hWpHJx/6Fm/FaYe
giBtxooBTK5sYbV4XAoWEaPF20tTSQ==
-----END EC PRIVATE KEY-----
[vagrant@vm-node1:tmp]$ openssl ec -in priv.pem1
#基本就是跟cat输出一样了,多了read和writing 两行。
read EC key
writing EC key
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIBCS7v5f/WxIqaYd5GIZ6wKgEhWZ/IZ0tOYV7HaT6X1+oAcGBSuBBAAK
oUQDQgAEeiuuMCch7ACNkOVSKkUX4znJowtGOeWmluf0lWjd7hWpHJx/6Fm/FaYe
giBtxooBTK5sYbV4XAoWEaPF20tTSQ==
-----END EC PRIVATE KEY-----
[vagrant@vm-node1:tmp]$ openssl ec -in priv.pem1 -text
#人类可读信息^_^, 以及EC PRIVATE KEY
read EC key
Private-Key: (256 bit)
priv:
10:92:ee:fe:5f:fd:6c:48:a9:a6:1d:e4:62:19:eb:
02:a0:12:15:99:fc:86:74:b4:e6:15:ec:76:93:e9:
7d:7e
pub:
04:7a:2b:ae:30:27:21:ec:00:8d:90:e5:52:2a:45:
17:e3:39:c9:a3:0b:46:39:e5:a6:96:e7:f4:95:68:
dd:ee:15:a9:1c:9c:7f:e8:59:bf:15:a6:1e:82:20:
6d:c6:8a:01:4c:ae:6c:61:b5:78:5c:0a:16:11:a3:
c5:db:4b:53:49
ASN1 OID: secp256k1
writing EC key
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIBCS7v5f/WxIqaYd5GIZ6wKgEhWZ/IZ0tOYV7HaT6X1+oAcGBSuBBAAK
oUQDQgAEeiuuMCch7ACNkOVSKkUX4znJowtGOeWmluf0lWjd7hWpHJx/6Fm/FaYe
giBtxooBTK5sYbV4XAoWEaPF20tTSQ==
-----END EC PRIVATE KEY-----
[vagrant@vm-node1:tmp]$ openssl ec -in priv.pem1 -text -noout
#不再输出ec参数
read EC key
Private-Key: (256 bit)
priv:
10:92:ee:fe:5f:fd:6c:48:a9:a6:1d:e4:62:19:eb:
02:a0:12:15:99:fc:86:74:b4:e6:15:ec:76:93:e9:
7d:7e
pub:
04:7a:2b:ae:30:27:21:ec:00:8d:90:e5:52:2a:45:
17:e3:39:c9:a3:0b:46:39:e5:a6:96:e7:f4:95:68:
dd:ee:15:a9:1c:9c:7f:e8:59:bf:15:a6:1e:82:20:
6d:c6:8a:01:4c:ae:6c:61:b5:78:5c:0a:16:11:a3:
c5:db:4b:53:49
ASN1 OID: secp256k1
[vagrant@vm-node1:tmp]$ openssl ec -in priv.pem -text
read EC key
Private-Key: (256 bit)
priv:
d5:75:9a:70:00:b9:d9:d4:a8:d1:cc:32:35:db:a7:
8b:e0:f6:25:ea:44:ba:55:04:f0:69:89:46:d3:1a:
0d:fe
pub:
04:da:b2:20:e5:3e:d7:c7:b4:f5:79:26:f6:23:9d:
47:86:8c:ea:12:b8:46:02:e7:4e:fd:98:85:5e:84:
84:51:c0:83:3f:c7:2b:e1:b6:26:3d:1f:d4:87:2e:
4d:19:72:76:55:ea:39:73:56:ef:8c:dd:05:13:78:
c7:71:94:b5:02
ASN1 OID: secp256k1
writing EC key
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEINV1mnAAudnUqNHMMjXbp4vg9iXqRLpVBPBpiUbTGg3+oAcGBSuBBAAK
oUQDQgAE2rIg5T7Xx7T1eSb2I51HhozqErhGAudO/ZiFXoSEUcCDP8cr4bYmPR/U
hy5NGXJ2Veo5c1bvjN0FE3jHcZS1Ag==
-----END EC PRIVATE KEY-----
[vagrant@vm-node1:tmp]$ openssl ec -in priv.pem -text -noout
read EC key
Private-Key: (256 bit)
priv:
d5:75:9a:70:00:b9:d9:d4:a8:d1:cc:32:35:db:a7:
8b:e0:f6:25:ea:44:ba:55:04:f0:69:89:46:d3:1a:
0d:fe
pub:
04:da:b2:20:e5:3e:d7:c7:b4:f5:79:26:f6:23:9d:
47:86:8c:ea:12:b8:46:02:e7:4e:fd:98:85:5e:84:
84:51:c0:83:3f:c7:2b:e1:b6:26:3d:1f:d4:87:2e:
4d:19:72:76:55:ea:39:73:56:ef:8c:dd:05:13:78:
c7:71:94:b5:02
ASN1 OID: secp256k1
2、根据私钥文件priv.pem生成公钥:
[vagrant@vm-node1:tmp]$ openssl ec -in priv.pem -pubout -out pub.pem
read EC key
writing EC key
[vagrant@vm-node1:tmp]$
[vagrant@vm-node1:tmp]$ cat pub.pem
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE2rIg5T7Xx7T1eSb2I51HhozqErhGAudO
/ZiFXoSEUcCDP8cr4bYmPR/Uhy5NGXJ2Veo5c1bvjN0FE3jHcZS1Ag==
-----END PUBLIC KEY-----
解析pub.pem文件:
[vagrant@vm-node1:tmp]$ openssl ec -pubin -in pub.pem -text
read EC key
Public-Key: (256 bit)
pub:
04:da:b2:20:e5:3e:d7:c7:b4:f5:79:26:f6:23:9d:
47:86:8c:ea:12:b8:46:02:e7:4e:fd:98:85:5e:84:
84:51:c0:83:3f:c7:2b:e1:b6:26:3d:1f:d4:87:2e:
4d:19:72:76:55:ea:39:73:56:ef:8c:dd:05:13:78:
c7:71:94:b5:02
ASN1 OID: secp256k1
writing EC key
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE2rIg5T7Xx7T1eSb2I51HhozqErhGAudO
/ZiFXoSEUcCDP8cr4bYmPR/Uhy5NGXJ2Veo5c1bvjN0FE3jHcZS1Ag==
-----END PUBLIC KEY-----
[vagrant@vm-node1:tmp]$ openssl ec -pubin -in pub.pem -text -noout
read EC key
Public-Key: (256 bit)
pub:
04:da:b2:20:e5:3e:d7:c7:b4:f5:79:26:f6:23:9d:
47:86:8c:ea:12:b8:46:02:e7:4e:fd:98:85:5e:84:
84:51:c0:83:3f:c7:2b:e1:b6:26:3d:1f:d4:87:2e:
4d:19:72:76:55:ea:39:73:56:ef:8c:dd:05:13:78:
c7:71:94:b5:02
ASN1 OID: secp256k1
压缩版本的公钥:
[vagrant@vm-node1:tmp]$ openssl ec -in pub.pem -pubin -text -conv_form compressed
read EC key
Public-Key: (256 bit)
pub:
02:da:b2:20:e5:3e:d7:c7:b4:f5:79:26:f6:23:9d:
47:86:8c:ea:12:b8:46:02:e7:4e:fd:98:85:5e:84:
84:51:c0
ASN1 OID: secp256k1
writing EC key
-----BEGIN PUBLIC KEY-----
MDYwEAYHKoZIzj0CAQYFK4EEAAoDIgAC2rIg5T7Xx7T1eSb2I51HhozqErhGAudO
/ZiFXoSEUcA=
-----END PUBLIC KEY-----
[vagrant@vm-node1:tmp]$ openssl ec -in pub.pem -pubin -text -conv_form compressed -noout
read EC key
Public-Key: (256 bit)
pub:
02:da:b2:20:e5:3e:d7:c7:b4:f5:79:26:f6:23:9d:
47:86:8c:ea:12:b8:46:02:e7:4e:fd:98:85:5e:84:
84:51:c0
ASN1 OID: secp256k1
openssl help:
[vagrant@vm-node1:~]$ openssl help
help:
Standard commands
asn1parse ca ciphers cmp
cms crl crl2pkcs7 dgst
dhparam dsa dsaparam ec
ecparam enc engine errstr
fipsinstall gendsa genpkey genrsa
help info kdf list
mac nseq ocsp passwd
pkcs12 pkcs7 pkcs8 pkey
pkeyparam pkeyutl prime rand
rehash req rsa rsautl
s_client s_server s_time sess_id
smime speed spkac srp
storeutl ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 md4 md5
rmd160 sha1 sha224 sha256
sha3-224 sha3-256 sha3-384 sha3-512
sha384 sha512 sha512-224 sha512-256
shake128 shake256 sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb sm4-cbc sm4-cfb
sm4-ctr sm4-ecb sm4-ofb
1、enc,用于加密
[vagrant@vm-node1:~]$ openssl enc -help
Usage: enc [options]
General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device
Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file
Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-* Any supported cipher
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
enc -list:
[vagrant@vm-node1:~]$ openssl enc -list
Supported ciphers:
-aes-128-cbc -aes-128-cfb -aes-128-cfb1
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb
-aes-128-ofb -aes-192-cbc -aes-192-cfb
-aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr
-aes-192-ecb -aes-192-ofb -aes-256-cbc
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8
-aes-256-ctr -aes-256-ecb -aes-256-ofb
-aes128 -aes128-wrap -aes192
-aes192-wrap -aes256 -aes256-wrap
-aria-128-cbc -aria-128-cfb -aria-128-cfb1
-aria-128-cfb8 -aria-128-ctr -aria-128-ecb
-aria-128-ofb -aria-192-cbc -aria-192-cfb
-aria-192-cfb1 -aria-192-cfb8 -aria-192-ctr
-aria-192-ecb -aria-192-ofb -aria-256-cbc
-aria-256-cfb -aria-256-cfb1 -aria-256-cfb8
-aria-256-ctr -aria-256-ecb -aria-256-ofb
-aria128 -aria192 -aria256
-bf -bf-cbc -bf-cfb
-bf-ecb -bf-ofb -blowfish
-camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1
-camellia-128-cfb8 -camellia-128-ctr -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ctr
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8
-camellia-256-ctr -camellia-256-ecb -camellia-256-ofb
-camellia128 -camellia192 -camellia256
-cast -cast-cbc -cast5-cbc
-cast5-cfb -cast5-ecb -cast5-ofb
-chacha20 -des -des-cbc
-des-cfb -des-cfb1 -des-cfb8
-des-ecb -des-ede -des-ede-cbc
-des-ede-cfb -des-ede-ecb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ecb
-des-ede3-ofb -des-ofb -des3
-des3-wrap -desx -desx-cbc
-id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap
-id-aes192-wrap-pad -id-aes256-wrap -id-aes256-wrap-pad
-id-smime-alg-CMS3DESwrap -rc2 -rc2-128
-rc2-40 -rc2-40-cbc -rc2-64
-rc2-64-cbc -rc2-cbc -rc2-cfb
-rc2-ecb -rc2-ofb -rc4
-rc4-40 -seed -seed-cbc
-seed-cfb -seed-ecb -seed-ofb
-sm4 -sm4-cbc -sm4-cfb
-sm4-ctr -sm4-ecb -sm4-ofb
2、ec,椭圆曲线:
[vagrant@vm-node1:~]$ openssl ec -help
Usage: ec [options]
General options:
-help Display this summary
-engine val Use engine, possibly a hardware device
Input options:
-in val Input file
-inform format Input format (DER/PEM/P12/ENGINE)
-pubin Expect a public key in input file
-passin val Input file pass phrase source
-check check key consistency
-* Any supported cipher
-param_enc val Specifies the way the ec parameters are encoded
-conv_form val Specifies the point conversion form
Output options:
-out outfile Output file
-outform PEM|DER Output format - DER or PEM
-noout Don't print key out
-text Print the key
-param_out Print the elliptic curve parameters
-pubout Output public key, not private
-no_public exclude public key from private key
-passout val Output file pass phrase source
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
3、ecparam:
[vagrant@vm-node1:tmp]$ openssl ecparam --help
Usage: ecparam [options]
General options:
-help Display this summary
-list_curves Prints a list of all curve 'short names'
-engine val Use engine, possibly a hardware device
-genkey Generate ec key
-in infile Input file - default stdin
-inform PEM|DER Input format - default PEM (DER or PEM)
-out outfile Output file - default stdout
-outform PEM|DER Output format - default PEM
Output options:
-text Print the ec parameters in text form
-noout Do not print the ec parameter
-param_enc val Specifies the way the ec parameters are encoded
Parameter options:
-check Validate the ec parameters
-check_named Check that named EC curve parameters have not been modified
-no_seed If 'explicit' parameters are chosen do not use the seed
-name val Use the ec parameters with specified 'short name'
-conv_form val Specifies the point conversion form
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
