Generating EC keys with certtool

Fabrice Gautier fabrice.gautier at gmail.com
Thu Nov 10 06:53:36 CET 2011


Hi,

When i generate an EC key with certtool,I get this:

$ /usr/local/bin/certtool -p --ecc
Generating a 224 bit ECC private key...
Public Key Info:
	Public Key Algorithm: ECC
	Key Security Level: Normal

curve:	SECP224R1
private key:
	68:28:11:b0:30:0d:ff:cd:62:5f:4a:9e:47:26:de:
	3c:a9:6a:7e:66:34:36:6d:c6:64:94:3a:21:
x:
	00:85:dc:f2:83:e7:0d:87:5a:0f:ac:0a:af:ec:93:
	7b:b8:b8:89:ce:03:46:8a:23:06:91:8e:95:03:
y:
	4b:b3:f9:23:62:aa:b7:0d:5e:0f:ea:0d:76:91:66:
	f3:02:68:7d:6b:3f:cc:5f:15:87:d1:54:76:

Public Key ID: 51:0D:86:15:74:B3:F6:38:58:AC:25:C0:A9:3E:AF:C8:A7:73:71:E0

-----BEGIN EC PRIVATE KEY-----
MGgCAQEEHEuz+SNiqrcNXg/qDXaRZvMCaH1rP8xfFYfRVHagBwYFK4EEACGhPAM6
AASF3PKD5w2HWg+sCq/sk3u4uInOA0aKIwaRjpUDS7P5I2Kqtw1eD+oNdpFm8wJo
fWs/zF8Vh9FUdg==
-----END EC PRIVATE KEY-----


I am pretty sure that this command used to (in 3.0.5) only output the
encoded part, not the textual part.
This also end up in the file when specifying a file with --outfile
The textual part should be output on stderr, if at all. The
"Generating a 224 bit ECC private key..." message is indeed output on
stderr.

It seems that certtool itself does not mind this extra text, but
openssl seems to mind.




More information about the Gnutls-help mailing list