ECDSA Secret » History » Version 6
Tobias Brunner, 11.05.2011 12:48
| 1 | 4 | Andreas Steffen | h1. ECDSA Secret |
|---|---|---|---|
| 2 | 1 | Andreas Steffen | |
| 3 | 6 | Tobias Brunner | For the private key file both absolute paths or paths relative to [[IpsecDirectoryPrivate|/etc/ipsec.d/private]] are accepted. If the private key file is encrypted, the passphrase must be defined. Instead of a passphrase _%prompt_ can be used which then causes the daemons to ask the user for the password whenever it is required to decrypt the key. |
| 4 | 1 | Andreas Steffen | |
| 5 | 4 | Andreas Steffen | h2. Notation |
| 6 | 1 | Andreas Steffen | |
| 7 | 6 | Tobias Brunner | [ _<id selectors>_ ] : ECDSA _<private key file>_ [ _<passphrase>_ | _%prompt_ ] |
| 8 | 4 | Andreas Steffen | |
| 9 | 6 | Tobias Brunner | h2. Examples |
| 10 | 1 | Andreas Steffen | |
| 11 | 6 | Tobias Brunner | <pre> |
| 12 | 6 | Tobias Brunner | : ECDSA moonKey.pem |
| 13 | 6 | Tobias Brunner | |
| 14 | 6 | Tobias Brunner | : ECDSA sunKey.der "cjen4*lWnr3jsk" |
| 15 | 6 | Tobias Brunner | </pre> |
| 16 | 1 | Andreas Steffen | |
| 17 | 5 | Tobias Brunner | h2. Creation of an ECDSA key using OpenSSL 0.9.8 |
| 18 | 4 | Andreas Steffen | |
| 19 | 4 | Andreas Steffen | |
| 20 | 4 | Andreas Steffen | You can create an ECDSA key with the _openssl ecparam_ command. |
| 21 | 4 | Andreas Steffen | <pre> |
| 22 | 1 | Andreas Steffen | openssl ecparam -list_curves |
| 23 | 4 | Andreas Steffen | </pre> |
| 24 | 1 | Andreas Steffen | gives you a huge list of available elliptic curves but IKEv2 currently supports |
| 25 | 1 | Andreas Steffen | only the following three curves: |
| 26 | 4 | Andreas Steffen | <pre> |
| 27 | 1 | Andreas Steffen | prime256v1 |
| 28 | 1 | Andreas Steffen | secp384r1 |
| 29 | 1 | Andreas Steffen | secp521r1 |
| 30 | 4 | Andreas Steffen | </pre> |
| 31 | 1 | Andreas Steffen | The creation of an EC key goes like this: |
| 32 | 4 | Andreas Steffen | <pre> |
| 33 | 2 | Andreas Steffen | openssl ecparam -genkey -name secp384r1 -noout -out ecKey.pem |
| 34 | 4 | Andreas Steffen | </pre> |
| 35 | 1 | Andreas Steffen | Verify the content of the key: |
| 36 | 4 | Andreas Steffen | <pre> |
| 37 | 1 | Andreas Steffen | openssl ec -in ecKey.pem -text |
| 38 | 1 | Andreas Steffen | |
| 39 | 1 | Andreas Steffen | read EC key |
| 40 | 1 | Andreas Steffen | Private-Key: (384 bit) |
| 41 | 1 | Andreas Steffen | priv: |
| 42 | 1 | Andreas Steffen | 3c:75:17:c3:97:0b:b4:28:42:8c:b6:f5:56:57:32: |
| 43 | 1 | Andreas Steffen | 2b:c1:ff:e2:ee:62:25:38:04:b1:6a:f5:23:48:e1: |
| 44 | 1 | Andreas Steffen | ba:79:ff:56:64:88:74:92:b7:c2:49:ab:8c:ff:b2: |
| 45 | 1 | Andreas Steffen | 7c:6c:b3 |
| 46 | 1 | Andreas Steffen | pub: |
| 47 | 1 | Andreas Steffen | 04:f2:cd:ca:ae:37:38:8d:98:e0:1c:f4:26:59:af: |
| 48 | 1 | Andreas Steffen | 41:4d:fb:4f:d1:20:10:fb:88:b3:4a:b3:9b:a7:69: |
| 49 | 1 | Andreas Steffen | dc:0b:5c:ef:06:22:6b:8e:08:c3:c2:74:1b:36:12: |
| 50 | 1 | Andreas Steffen | 8b:ee:45:c5:f8:3b:73:6f:0a:a4:c9:7c:e1:e9:a8: |
| 51 | 1 | Andreas Steffen | e2:c9:7c:6f:f1:69:b4:45:ab:d3:45:89:41:6e:68: |
| 52 | 1 | Andreas Steffen | 9d:9a:d2:ee:fd:1a:a1:e6:ca:3f:4a:6b:0d:db:a5: |
| 53 | 1 | Andreas Steffen | ef:93:95:4f:8c:4c:31 |
| 54 | 1 | Andreas Steffen | ASN1 OID: secp384r1 |
| 55 | 2 | Andreas Steffen | |
| 56 | 1 | Andreas Steffen | writing EC key |
| 57 | 1 | Andreas Steffen | -----BEGIN EC PRIVATE KEY----- |
| 58 | 1 | Andreas Steffen | MIGkAgEBBDA8dRfDlwu0KEKMtvVWVzIrwf/i7mIlOASxavUjSOG6ef9WZIh0krfC |
| 59 | 1 | Andreas Steffen | SauM/7J8bLOgBwYFK4EEACKhZANiAATyzcquNziNmOAc9CZZr0FN+0/RIBD7iLNK |
| 60 | 1 | Andreas Steffen | s5unadwLXO8GImuOCMPCdBs2EovuRcX4O3NvCqTJfOHpqOLJfG/xabRFq9NFiUFu |
| 61 | 1 | Andreas Steffen | aJ2a0u79GqHmyj9Kaw3bpe+TlU+MTDE= |
| 62 | 1 | Andreas Steffen | -----END EC PRIVATE KEY----- |
| 63 | 4 | Andreas Steffen | </pre> |