Introduction
The example 'C' program eckeycreate.c demonstrates how to generate elliptic curve cryptography (ECC) key pairs, using the OpenSSL library functions.
Example Code Listing
/* ------------------------------------------------------------ *
 * file:        eckeycreate.c                                   *
 * purpose:     Example code for creating elliptic curve        *
 *              cryptography (ECC) key pairs                    *
 * author:      01/26/2015 Frank4DD                             *
 *                                                              *
 * gcc -o eckeycreate eckeycreate.c -lssl -lcrypto              *
 * ------------------------------------------------------------ */

#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ec.h>
#include <openssl/pem.h>

#define ECCTYPE "secp521r1"

int main() {

  BIO      *outbio = NULL;
  EC_KEY   *myecc  = NULL;
  EVP_PKEY *pkey   = NULL;
  int      eccgrp;

  /* ---------------------------------------------------------- *
   * These function calls initialize openssl for correct work.  *
   * They are only required for OpenSSL older than 1.1.0; newer *
   * versions initialize themselves.                            *
   * ---------------------------------------------------------- */
  OpenSSL_add_all_algorithms();
  ERR_load_BIO_strings();
  ERR_load_crypto_strings();

  /* ---------------------------------------------------------- *
   * Create the output BIO, writing to stdout.                  *
   * ---------------------------------------------------------- */
  outbio = BIO_new_fp(stdout, BIO_NOCLOSE);

  /* ---------------------------------------------------------- *
   * Create an EC key structure, setting the group type from NID *
   * ---------------------------------------------------------- */
  eccgrp = OBJ_txt2nid(ECCTYPE);
  if (eccgrp == NID_undef) {
    BIO_printf(outbio, "Unknown curve name %s.\n", ECCTYPE);
    exit(1);
  }
  myecc = EC_KEY_new_by_curve_name(eccgrp);
  if (myecc == NULL) {
    BIO_printf(outbio, "Error creating the EC key structure.\n");
    exit(1);
  }

  /* -------------------------------------------------------- *
   * For cert signing, we use the OPENSSL_EC_NAMED_CURVE flag *
   * -------------------------------------------------------- */
  EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE);

  /* -------------------------------------------------------- *
   * Create the public/private EC key pair here               *
   * -------------------------------------------------------- */
  if (! (EC_KEY_generate_key(myecc))) {
    BIO_printf(outbio, "Error generating the ECC key.\n");
    exit(1);
  }

  /* -------------------------------------------------------- *
   * Converting the EC key into a PKEY structure lets us      *
   * handle the key just like any other key pair. On success  *
   * pkey takes ownership of myecc.                           *
   * -------------------------------------------------------- */
  pkey = EVP_PKEY_new();
  if (pkey == NULL || !EVP_PKEY_assign_EC_KEY(pkey, myecc)) {
    BIO_printf(outbio, "Error assigning ECC key to EVP_PKEY structure.\n");
    exit(1);
  }

  /* -------------------------------------------------------- *
   * Now we show how to extract EC-specifics from the key.    *
   * get1 returns a new reference, which is freed below.      *
   * -------------------------------------------------------- */
  myecc = EVP_PKEY_get1_EC_KEY(pkey);
  const EC_GROUP *ecgrp = EC_KEY_get0_group(myecc);

  /* ---------------------------------------------------------- *
   * Here we print the key length, and extract the curve type.  *
   * ---------------------------------------------------------- */
  BIO_printf(outbio, "ECC Key size: %d bit\n", EVP_PKEY_bits(pkey));
  BIO_printf(outbio, "ECC Key type: %s\n", OBJ_nid2sn(EC_GROUP_get_curve_name(ecgrp)));

  /* ---------------------------------------------------------- *
   * Here we print the private/public key data in PEM format.   *
   * The NULL cipher argument means the private key is written  *
   * unencrypted.                                               *
   * ---------------------------------------------------------- */
  if(!PEM_write_bio_PrivateKey(outbio, pkey, NULL, NULL, 0, 0, NULL))
    BIO_printf(outbio, "Error writing private key data in PEM format\n");

  if(!PEM_write_bio_PUBKEY(outbio, pkey))
    BIO_printf(outbio, "Error writing public key data in PEM format\n");

  /* ---------------------------------------------------------- *
   * Free up all structures                                     *
   * ---------------------------------------------------------- */
  EVP_PKEY_free(pkey);
  EC_KEY_free(myecc);
  BIO_free_all(outbio);

  exit(0);
}
Compiling the Code
Compile the test program with:
> gcc -o eckeycreate eckeycreate.c -lssl -lcrypto
Example Output
The program will create and display a new elliptic curve cryptography (ECC) key pair, similar to the output shown below:
fm@susie:~> ./eckeycreate
ECC Key size: 521 bit
ECC Key type: secp521r1
-----BEGIN PRIVATE KEY-----
MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBQOUuE8ufDf+Q+FFx
xc3UQlHloubU4fXa9HEk//48aBGdGZj2uxIyoUiLO9PLTHu823kK9WfezMIpIkl/
7J7oAYKhgYkDgYYABAFh1OkiwOgQcwJ5VdmF/wth8oRPuSBqcvTOpl5UJngZMxkA
CfrSLiw3LCl+mrTS6NvNsUFxMyH1mU9peiLyHC2BBQFmN4TqGMOwZISjhzdzL6yV
IEkqu/vNEcHAfLkgvplhCYI4SDbf4teTlNFLsFI6CdT2dYSf2oPlC1NYtQzwclVy
Jw==
-----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBYdTpIsDoEHMCeVXZhf8LYfKET7kg
anL0zqZeVCZ4GTMZAAn60i4sNywpfpq00ujbzbFBcTMh9ZlPaXoi8hwtgQUBZjeE
6hjDsGSEo4c3cy+slSBJKrv7zRHBwHy5IL6ZYQmCOEg23+LXk5TRS7BSOgnU9nWE
n9qD5QtTWLUM8HJVcic=
-----END PUBLIC KEY-----
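Added example, not part of the original eckeycreate.c: a dependency-free check that the public key printed above identifies its curve by named-curve OID (the effect of the OPENSSL_EC_NAMED_CURVE flag) rather than by explicit curve parameters. The function names are this example's own, and it builds with plain gcc without linking OpenSSL.

```c
#include <stdio.h>
#include <string.h>
static const unsigned char OID_EC_PUBKEY[] = {0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01}; /* id-ecPublicKey, 1.2.840.10045.2.1 */
static const unsigned char OID_SECP521R1[] = {0x06,0x05,0x2B,0x81,0x04,0x00,0x23};           /* secp521r1, 1.3.132.0.35 */
static const char PAGE_PUBKEY_B64[] = /* body of the PUBLIC KEY block in this page's example output */
    "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBYdTpIsDoEHMCeVXZhf8LYfKET7kg"
    "anL0zqZeVCZ4GTMZAAn60i4sNywpfpq00ujbzbFBcTMh9ZlPaXoi8hwtgQUBZjeE"
    "6hjDsGSEo4c3cy+slSBJKrv7zRHBwHy5IL6ZYQmCOEg23+LXk5TRS7BSOgnU9nWE"
    "n9qD5QtTWLUM8HJVcic=";

/* Decode base64 text (whitespace skipped, stops at '='). Returns byte count or -1. */
int b64_decode(const char *in, unsigned char *out, size_t cap) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0; int bits = 0; size_t n = 0;
    for (; *in && *in != '='; in++) {
        if (*in == '\n' || *in == '\r' || *in == ' ') continue;
        const char *p = strchr(tbl, *in);
        if (!p || n >= cap) return -1;
        acc = (acc << 6) | (unsigned)(p - tbl);
        if ((bits += 6) >= 8) out[n++] = (unsigned char)(acc >> (bits -= 8));
    }
    return (int)n;
}

/* Read a DER length (short form, or long form of 1-2 bytes) at der[*i]. Returns 0 on success. */
static int der_len(const unsigned char *der, size_t len, size_t *i, size_t *out) {
    if (*i >= len) return -1;
    *out = der[(*i)++];
    if (!(*out & 0x80)) return 0;                      /* short form */
    size_t n = *out & 0x7F;
    if (n == 0 || n > 2 || n > len - *i) return -1;
    for (*out = 0; n--; ) *out = (*out << 8) | der[(*i)++];
    return 0;
}

/* 1: EC key that names secp521r1 by OID; 0: EC key with another curve or
 * explicit parameters; -1: not a parsable EC SubjectPublicKeyInfo. */
int spki_curve_check(const unsigned char *der, size_t len) {
    size_t i = 0, l;
    if (len < 2 || der[i++] != 0x30 || der_len(der, len, &i, &l)) return -1;   /* outer SEQUENCE */
    if (i >= len || der[i++] != 0x30 || der_len(der, len, &i, &l) || l > len - i) return -1; /* AlgorithmIdentifier */
    if (l < sizeof OID_EC_PUBKEY || memcmp(der + i, OID_EC_PUBKEY, sizeof OID_EC_PUBKEY)) return -1;
    i += sizeof OID_EC_PUBKEY; l -= sizeof OID_EC_PUBKEY;   /* what remains is the parameters field */
    return l == sizeof OID_SECP521R1 && memcmp(der + i, OID_SECP521R1, l) == 0;
}
int main(void) {
    unsigned char der[512];
    int n = b64_decode(PAGE_PUBKEY_B64, der, sizeof der);
    printf("decoded %d bytes, curve check: %d\n", n, n < 0 ? -1 : spki_curve_check(der, (size_t)n));
    return 0;
}
```

A result of 0 on a key that should be secp521r1 means the parameters field holds something other than that curve's OID, which is what a key written without the named-curve flag looks like.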
Remarks
Note: The list of possible ECC key types (curves) can be shown using the command openssl ecparam -list_curves.
Using ECC keys for certificate generation can also be seen and tested in WebCert.