openssl - How to export an EC private key from p12

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

乐观的皮带 · 边缘计算产业联盟· 4 天前 ·

玉树临风的青蛙 · Generating EC keys ...· 1 月前 ·

热心肠的香菇 · EC-Council Privacy ...· 2 月前 ·

有胆有识的仙人掌 · Sharing certificate ...· 3 月前 ·

冲动的凉茶 · VBA修改教程 + EC转VBA + ...· 5 月前 ·

玩命的拖把 · 《小丑》已经崛起了，华纳还需要为DC之前的问 ...· 2 周前 ·

温暖的西瓜 · 欢迎访问环境科学编辑部网站！· 1 月前 ·

坚韧的啤酒 · 人口民族_福建概况_福建省委台港澳工作办公室· 3 月前 ·

不拘小节的毛衣 · 循序渐进介绍基于CommunityToolk ...· 5 月前 ·

听话的手套 · 每个分类取最新的几条的SQL实现 ...· 1 年前 ·

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange

Super User is a question and answer site for computer enthusiasts and power users. It only takes a minute to sign up.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

I have a p12 store. I have read about export like this openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes but it doesn't export in EC format.

How do I do I use openssl to export the private key in EC format?

I read that the exported key should begin with -----BEGIN EC PRIVATE KEY-----

Are you sure your .p12 contains an EC key? If you were able to successfully export a private key, and it called itself an RSA or DSA private key, then that's what kind of key you have inside that .p12. You can't "convert" an RSA or DSA key to EC; they're completely separate algorithms based on completely different math. It's not like they're just big random numbers that you can choose to use with any algorithm you'd like. – Spiff Sep 1, 2020 at 20:00 Well if the command you wrote in your Question created a .pem file that just says "-----BEGIN PRIVATE KEY-----" without specifying the type, you could try using


    openssl ec -in newfile.key.pem -text

to see if it's parsable as an EC key. If it says it can't load the key, change the subcommand from

ec

rsa

in my command, to see if it parses as RSA. If that still fails, change the subcommand to

dsa

. One of those should work. – Spiff Sep 1, 2020 at 21:05 The rsa version of the command worked 👍. Do I need to go through some steps to convert it to ec now? rsa -> der -> ec? – joels Sep 1, 2020 at 21:52 It is mathematically impossible to convert an RSA key to an EC key. They are based on completely different underlying mathematical principles. If you need an EC-based key pair, you'll need to generate an EC-based key pair from scratch. It won't be in any way related to your current RSA key pair in your current .p12, because EC and RSA are based on completely separate mathematical algorithms. – Spiff Sep 1, 2020 at 23:50

If you are certain that your key is in fact an EC key, you are halfway there.
Once exported the key with

 openssl pkcs12 -in path.p12 -nodes -nocerts -out newfile.key.pem
then convert it to EC PRIVATE KEY using below command
openssl ec -in newfile.key.pem -out ec.key.pem
More info here

推荐文章

乐观的皮带 · 边缘计算产业联盟

4 天前

玉树临风的青蛙 · Generating EC keys with OpenSSL - Authlib

1 月前

热心肠的香菇 · EC-Council Privacy policy - User and company | EC-Council

2 月前

有胆有识的仙人掌 · Sharing certificate and EC private key to Third party company - Help - Caddy Community

3 月前

冲动的凉茶 · VBA修改教程 + EC转VBA + Codebreaker - 游戏综合讨论区 - Nw BBS 壬天堂世界 - Powered by Discuz!

5 月前

玩命的拖把 · 《小丑》已经崛起了，华纳还需要为DC之前的问题“背锅”吗？

2 周前

温暖的西瓜 · 欢迎访问环境科学编辑部网站！

1 月前

坚韧的啤酒 · 人口民族_福建概况_福建省委台港澳工作办公室

3 月前

不拘小节的毛衣 · 循序渐进介绍基于CommunityToolkit.Mvvm 和HandyControl的WPF应用端开发(12) -- 使用代码生成工具Database2Sharp生成WPF界面代码 - 神斧学堂，一

5 月前

听话的手套 · 每个分类取最新的几条的SQL实现　_www.yyz168.info的技术博客_51CTO博客

1 年前

Stack Exchange Network