How do I obtain the public key from an ECDSA private key in OpenSSL?

cryptography openssl public-key-encryption elliptic-curve
farmdve picture farmdve · Sep 18, 2012 · Viewed 18.9k times · Source

I am providing this sample application to show my problem

#include <stdio.h>
#include <stdlib.h>
#include <openssl/ec.h>
#include <openssl/bn.h>

int main()
{
     EC_KEY *pkey = NULL;
     EC_POINT *pub_key = NULL;
     const EC_GROUP *group = NULL;
     BIGNUM start;
     BIGNUM *res;
     BN_CTX *ctx;

     BN_init(&start);
     ctx = BN_CTX_new();

     res = &start;
     BN_hex2bn(&res,"3D79F601620A6D05DB7FED883AB8BCD08A9101B166BC60166869DA5FC08D936E");
     pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
     group = EC_KEY_get0_group(pkey);
     pub_key = EC_POINT_new(group);

     EC_KEY_set_private_key(pkey, res);

     assert(EC_POINT_bn2point(group,res, pub_key, ctx)); // Null here

     EC_KEY_set_public_key(pkey, pub_key);


    return 0;
}

What I am trying to do, is to display the Public key from a private key(should an elliptic private key). I did not know how to do it until I encountered a similar problem

How do I feed OpenSSL random data for use in ECDSA signing?

Which is from where I pointed myself how to get the public key and to use EC_POINT_bn2point instead of hex2point which internally does BN_hex2bn according to the OpenSSL source.

So, why is EC_POINT_bn2point returning NULL? I am seriously considering recompiling OpenSSL and putting some debug routines to figure out why it fails.

Answer

indiv picture indiv · Sep 18, 2012

An ECDSA private key d (an integer) and public key Q (a point) is computed by Q = dG, where G is a non-secret domain parameter. Suite B Implementer’s Guide to FIPS 186-3 (ECDSA) describes ECDSA in detail.

OpenSSL uses ECDSA_generate_key to generate a key pair. What it does is generate a private key randomly, and then it does the Q = dG multiplication to compute the public key:

/* pub_key is a new uninitialized `EC_POINT*`.  priv_key is a `BIGNUM*`. */
if (!EC_POINT_mul(ecdsa->group, pub_key, priv_key, NULL, NULL, ctx)) goto err;

So you can do the same thing. If I had the private key, I'd set it as the private key in an EC_KEY or ECDSA struct. Then I'd configure the domain parameters on it. And finally I'd do the EC_POINT_mul to get the public key point.

Related questions

Can org.bouncycastle.openssl.PEMReader read java.security.PrivateKey?

I have following code: PrivateKey key = null; X509Certificate cert = null; KeyPair keyPair = null; final Reader reader = new StringReader(pem); try { final PEMReader pemReader = new PEMReader(reader, new PasswordFinder() { @Override public char[] getPassword() { return password == null ? null : password.toCharArray(); } }); Object …

Read More
How can I sign a file using RSA and SHA256 with .NET?

My application will take a set of files and sign them. (I'm not trying to sign an assembly.) There is a .p12 file that I get the private key from. This is the code I was trying to use, but …

Read More
Digital signature for a file using openssl

Is there a way to digitally sign a x509 certificate or any document using openssl?

Read More