I. Introduction

Generation and manipulation of elliptic curve (EC) key parameters.

II. Syntax

openssl ecparam [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-noout] [-text] [-C] [-check] [-name arg] [-list_curves] [-conv_form arg] [-param_enc arg] [-no_seed] [-rand file(s)] [-genkey] [-engine id]

Options

-inform arg       input format - default PEM (DER or PEM)
-outform arg      output format - default PEM
-in arg           input file - default stdin
-out arg          output file - default stdout
-noout            do not print the ec parameter
-text             print the ec parameters in text form
-check            validate the ec parameters
-C                print a 'C' function creating the parameters
-name arg         use the ec parameters with 'short name' name
-list_curves      prints a list of all currently available curve 'short names'
-conv_form arg    specifies the point conversion form
                  possible values: compressed
                                   uncompressed (default)
                                   hybrid
-param_enc arg    specifies the way the ec parameters are encoded
                  in the asn1 der encoding
                  possible values: named_curve (default)
                                   explicit
-no_seed          if 'explicit' parameters are choosen do not use the seed
-genkey           generate ec key
-rand file        files to use for random number input
-engine e         use engine e, possibly a hardware device

III. Examples

1. Create an EC parameters and private key file

openssl ecparam -out ec_param.pem -name prime256v1 -param_enc explicit -genkey

2. View the EC parameters stored in the key file

openssl ecparam -in ec_param.pem -text

3. Validate the EC parameters

openssl ecparam -in ec_param.pem -check

4. Issue ECC certificates

# CA: private key, certificate request, self-signed certificate
openssl ecparam -out EccCA.key -name prime256v1 -genkey
openssl req -config openssl.cnf -key EccCA.key -new -out EccCA.req
openssl x509 -req -in EccCA.req -signkey EccCA.key -out EccCA.pem
# Site: private key, certificate request, certificate signed by the CA
openssl ecparam -out EccSite.key -name prime256v1 -genkey
openssl req -config openssl.cnf -key EccSite.key -new -out EccSite.req
openssl x509 -req -in EccSite.req -CA EccCA.pem -CAkey EccCA.key -out EccSite.pem -CAcreateserial
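Example 1 writes its parameters with -param_enc explicit, while example 4 relies on the default named_curve; RFC 5480 requires the named form in certificates, so it is worth checking which encoding a key file carries before using it. The script below is an added example, not part of the original page; the function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the "EC PARAMETERS" block of a PEM file is
# encoded as named_curve or explicit, by looking at its first DER tag byte:
#   0x06 = OBJECT IDENTIFIER -> named_curve (just the curve's OID)
#   0x30 = SEQUENCE          -> explicit (field, curve, base point, order, ...)

ec_param_encoding() {
    # $1: PEM file as written by `openssl ecparam -out ...`
    tag=$(sed -n '/^-----BEGIN EC PARAMETERS-----/,/^-----END EC PARAMETERS-----/p' "$1" |
          grep -v '^-----' | tr -d '\r\n' | base64 -d 2>/dev/null |
          od -An -tx1 -N1 | tr -d ' \n')
    case "$tag" in
        06) echo named_curve ;;
        30) echo explicit ;;
        *)  echo unknown; return 1 ;;   # no parameters block, or not DER
    esac
}

require_named_curve() {
    # Prints the encoding of every file; status 0 only if all are named_curve.
    rc=0
    for f in "$@"; do
        enc=$(ec_param_encoding "$f") || true
        printf '%s: %s\n' "$f" "$enc"
        [ "$enc" = named_curve ] || rc=1
    done
    return $rc
}

# Constructed sample: the named_curve parameters block for prime256v1
# (DER 06 08 2a 86 48 ce 3d 03 01 07, i.e. OID 1.2.840.10045.3.1.7).
sample=$(mktemp)
printf '%s\n' '-----BEGIN EC PARAMETERS-----' 'BggqhkjOPQMBBw==' \
    '-----END EC PARAMETERS-----' > "$sample"
# Any files given on the command line (e.g. ec_param.pem EccCA.key) are checked too.
require_named_curve "$sample" "$@"
rm -f "$sample"
```

Run against the files from the examples above, ec_param.pem is reported as explicit and EccCA.key and EccSite.key as named_curve.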
05-23 20:00