As suggested in this example, an elliptic curve is defined by the prime p, which is the number of elements of the finite field, and an equation: Curve: y² = x³ + ax + b
In real cases, for example for a Google certificate, is it possible to find a, b, p using OpenSSL? I have tried Googling to find this answer myself, but I haven't found anything.
There are three ways to represent EC parameters within certificates. I'll discuss the most commonly used ones: explicit parameters and named curves.
Explicit EC (domain) parameters are exactly what the name implies: they are values directly put in the certificate. The application that reads in the public key can directly create a full EC public key out of the domain parameters and the value of W, the public point.
Named curves, however, only identify a previously specified set of domain parameters. They are normally simply represented as strings in software. However, in certificates and other ASN.1 DER objects they are represented by ASN.1 OIDs. OIDs are unique strings of the form 1.2.3 etc. that first represent a registration office, then an organization etc.
If you put your Google certificate in ASN.1 parse you will find one of these OIDs, already helpfully transformed into a string:
openssl asn1parse -in google_ec.cer
will yield:
...
251:d=3 hl=2 l= 19 cons: SEQUENCE
253:d=4 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
262:d=4 hl=2 l= 8 prim: OBJECT :prime256v1
...
A quick search will find RFC 5480, which refers to the secp256r1 (see 2.4.2) or NIST P-256 elliptic curve. The latter two define all the parameters of the curve, except W of course. Often it is easier to find these curve parameters from existing software though as the standards may not represent them in a useful format for your specific runtime environment.
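The lookup described in the answer, as an added example that is not part of the original answer: it decodes the 19-byte AlgorithmIdentifier SEQUENCE from the asn1parse output, maps the named-curve OID to the published P-256 parameters, and checks that the base point satisfies y² = x³ + ax + b mod p. The DER bytes are constructed to match the output above, and all function names are hypothetical.

```python
# Constructed sample: the SEQUENCE (l=19) holding id-ecPublicKey (l=7) and prime256v1 (l=8).
ALG_ID = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")
# Published domain parameters of prime256v1 / secp256r1 / NIST P-256 (G is the base point).
P256 = {
    "p": 2**256 - 2**224 + 2**192 + 2**96 - 1,
    "a": -3,
    "b": 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
    "Gx": 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
    "Gy": 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5,
}
NAMED_CURVES = {"1.2.840.10045.3.1.7": ("prime256v1", P256)}
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element with a short-form length."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated or long-form length (not handled here)")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def decode_oid(body):
    """Decode OID content bytes (base-128 arcs) into dotted-decimal form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def curve_from_algorithm_identifier(der):
    """Return (name, parameters) for an EC key that uses a known named curve."""
    tag, seq, _ = read_tlv(der, 0)
    t1, alg, pos = read_tlv(seq, 0)
    t2, params, _ = read_tlv(seq, pos)
    if tag != 0x30 or t1 != 0x06 or decode_oid(alg) != ID_EC_PUBLIC_KEY:
        raise ValueError("not an id-ecPublicKey AlgorithmIdentifier")
    if t2 != 0x06 or decode_oid(params) not in NAMED_CURVES:
        raise ValueError("explicit parameters or a curve not in the table")
    return NAMED_CURVES[decode_oid(params)]

def on_curve(c, x, y):
    return (y * y - (x**3 + c["a"] * x + c["b"])) % c["p"] == 0

if __name__ == "__main__":
    name, c = curve_from_algorithm_identifier(ALG_ID)
    print(name, hex(c["p"]), c["a"], hex(c["b"]), on_curve(c, c["Gx"], c["Gy"]))
```

OpenSSL itself prints the same values with: openssl ecparam -name prime256v1 -param_enc explicit -text -noout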