EC private key and domain parameters using OpenSSL

Question

First of all, sorry for my ignorance, I'm new at cryptography. I'm trying to generate a public key for use with elliptic curves given the private key.

So, at the moment I have:

1. The curve I will be using y^2 = x^3 - ax + b (prime256v1)

2. A .pem file with a private key.

The first question is, does the private key have to be random? I mean, can it be whatever I want?

When I use the OpenSSL command:

openssl ecparam -in private.pem -name prime256v1 -out public.pem

If I do a cat of public.pem I get:

-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----

But there is no public key.

The second question is, does anyone know what I'm doing wrong?

Thanks in advance.

Answer 1

A .pem file with a private key. I have here the first question. The private key can be random? I mean, can it be whatever I want?

No. The parameter S of the private key can be random, but the ASN.1 -> DER -> PEM encoded private key - which includes the parameters - can't.

openssl ecparam -in private.pem -name prime256v1 -out public.pem ... But there is no public key, anyone know what I'm doing wrong?

You need to use the ec command instead, and use -pubout . The .pem that you are currently getting simply contains the name of the curve encoded as OID:

echo "BggqhkjOPQMBBw==" | openssl base64 -d | openssl asn1parse -inform DER

result:

0:d=0  hl=2 l=   8 prim: OBJECT            :prime256v1