2

I am trying to generate public/private key pair using ECDSA curve secp256k1

On generating public key from ec256.pem (private key) the following error is thrown

"Load key "ec256.pem": invalid format"

Commands used to generate private key:

openssl ecparam -name secp256k1 -out secp256k1.pem

openssl ecparam -in secp256k1.pem -genkey -noout -out ec256.pem

chmod 400 ec256.pem

Command used to generate public key:

ssh-keygen -y -f  ec256.pem

Below is the error thrown on running the above cmd ,

Load key "ec256.pem": invalid format

The version being used are

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips

I need to generate public key in ssh format for ec256.pem private key

Improve this question

1 Answer 1

Reset to default
1

If I look at the curves that need to be supported in the standard, RFC 5656: "Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer" (section 10) then I don't see any support listed for secp256k1. Of course, implementations could still implement it, but it would come at the cost of incompatibility with other implementations.

So I think the simple reason that the private key cannot be parsed is because its format is not supported. If you just replace the curve with secp256r1 (a random prime curve rather than the secp256k1 Koblitz curve, note the "r" instead of the "k" in there) then everything runs smoothly and at the same or higher security level. The structure of the private key is identical to the secp256k1 curve, so this clearly shows that the issue is with the curve rather than the file format.

Alternatively you could go for the more fancy Ed25519 curve, likely at the cost of backwards compatibility and more trouble. This may not be compatible with OpenSSL command line, see the comment below.

Improve this answer
3
  • Thank you @Maarten Bodewes... Now I ll have to use secp256r1.
    – Hema Vajravelu
    Commented Mar 29, 2019 at 16:51
  • 1
    Both are prime; r is random vs k is Koblitz. (Or at least claimed random; some people don't trust the people who did the allegedly random generation. There are Qs for that back on crypto.SX; search 'trust NIST curves'.) Also, ssh-keygen since 6.5 (2014) supports ed25519, but using OpenSSH's own file format which is not compatible with OpenSSL; and OpenSSL since 1.1.0 (2016) supports 25519 in TLS but not in files or commandline. It's not clear to me why OP wanted to use OpenSSL to generate the file and if that's important.
    – dave_thompson_085
    Commented Mar 30, 2019 at 2:13
  • I don't know that either. Better not share the keys for other purposes. I could see some uses if a specific kind of engine is used or type of randomness requires, but that's just searching for reasons. Thanks again for the corrections :)
    – Maarten Bodewes
    Commented Mar 30, 2019 at 12:47

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .