一、简介
椭圆曲线密钥参数生成及操作
二、语法
openssl ecparam [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-noout] [-text] [-C] [-check] [-name arg] [-list_curve] [-conv_form arg] [-param_enc arg] [-no_seed] [-rand file(s)] [-genkey] [-engine id]
选项
-inform arg input format - default PEM (DER or PEM)
-outform arg output format - default PEM
-in arg input file - default stdin
-out arg output file - default stdout
-noout do not print the ec parameter
-text print the ec parameters in text form
-check validate the ec parameters
-C print a 'C' function creating the parameters
-name arg use the ec parameters with 'short name' name
-list_curves prints a list of all currently available curve 'short names'
-conv_form arg specifies the point conversion form
possible values: compressed
uncompressed (default)
hybrid
-param_enc arg specifies the way the ec parameters are encoded
in the asn1 der encoding
possible values: named_curve (default)
explicit
-no_seed if 'explicit' parameters are choosen do not use the seed
-genkey generate ec key
-rand file files to use for random number input
-engine e use engine e, possibly a hardware device
三、实例
1、创建EC参数和私钥文件
openssl ecparam -out ec_param.pem -name prime256v1 -param_enc explicit -genkey
2、查看EC私钥
openssl ecparam -in ec_param.pem -text
3、验证EC参数
openssl ecparam -in ec_param.pem -check
4、签发ECC证书
openssl ecparam -out EccCA.key -name prime256v1 -genkey
openssl req -config openssl.cnf -key EccCA.key -new -out EccCA.req
openssl x509 -req -in EccCA.req -signkey EccCA.key -out EccCA.pem
openssl ecparam -out EccSite.key -name prime256v1 -genkey
openssl req -config openssl.cnf -key EccSite.key -new -out EccSite.req
openssl x509 -req -in EccSite.req -CA EccCA.pem -CAkey EccCA.key -out EccSite.pem -CAcreateserial