Search icon
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Demystifying Cryptography with OpenSSL 3.0

You're reading from  Demystifying Cryptography with OpenSSL 3.0

Product type Book
Published in Oct 2022
Publisher Packt
ISBN-13 9781800560345
Pages 342 pages
Edition 1st Edition
Languages
Author (1):
Alexei Khlebnikov Alexei Khlebnikov
Profile icon Alexei Khlebnikov

Table of Contents (20) Chapters

Preface 1. Part 1: Introduction
2. Chapter 1: OpenSSL and Other SSL/TLS Libraries 3. Part 2: Symmetric Cryptography
4. Chapter 2: Symmetric Encryption and Decryption 5. Chapter 3: Message Digests 6. Chapter 4: MAC and HMAC 7. Chapter 5: Derivation of an Encryption Key from a Password 8. Part 3: Asymmetric Cryptography and Certificates
9. Chapter 6: Asymmetric Encryption and Decryption 10. Chapter 7: Digital Signatures and Their Verification 11. Chapter 8: X.509 Certificates and PKI 12. Part 4: TLS Connections and Secure Communication
13. Chapter 9: Establishing TLS Connections and Sending Data over Them 14. Chapter 10: Using X.509 Certificates in TLS 15. Chapter 11: Special Usages of TLS 16. Part 5: Running a Mini-CA
17. Chapter 12: Running a Mini-CA 18. Index 19. Other Books You May Enjoy

How to generate an elliptic curve keypair

I want to demonstrate the traditional approach to digital signatures when a message digest of the input data is signed. Hence, we will use ECDSA, not EdDSA, in our examples.

As we already know, a new keypair can be generated using the openssl genpkey subcommand. We will generate an EC keypair of the longest length available in OpenSSL, 570 bits, based on the NIST B-571 curve:

$ openssl genpkey \
    -algorithm EC \
    -pkeyopt ec_paramgen_curve:secp521r1 \
    -out ec_keypair.pem

Here, we have used the -pkeyopt ec_paramgen_curve:secp521r1 switch to specify that we want to use the NIST B-571 curve. Which other curve names could be used instead of secp521r1? The full list of supported curves can be obtained using the following command:

$ openssl ecparam -list_curves

Once the keypair has been generated and written into the ec_keypair.pem file, we can inspect its structure...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $15.99/month. Cancel anytime}