Generating ECDSA K1 and R1 keys using OpenSSL in Linux

Posted on In Linux, Software, Tutorial

ECDSA keys are commonly used in various areas like blockchains. OpenSSL is a commonly used tools in Linux for handling signature/encryption/decryption. This post introduces how to generate ECDSA keys using OpenSSL in Linux.

Generate keys for K1 secp256k1 elliptic curve

We start with K1 (secp256k1) as the example. To generae ECDSA keys using other curves, the changes need is only to replace the secp256k1 with the name for the other curves (e.g. prime256v1 for R1 curve).

Generates a private key using the K1 secp256k1 elliptic curve

Run following command to generate a private key in PEM format using OpenSSL:

openssl ecparam -genkey -name secp256k1 -noout -out privatekey.pem

This command generates a private key using the secp256k1 elliptic curve and saves it to a file privatekey.pem.

Extracts the public key from the private key

Run the following command to extract the public key from the private key using OpenSSL:

openssl ec -in privatekey.pem -pubout -out publickey.pem

This command extracts the public key from the private key and saves it to a file publickey.pem.

You have generated ECDSA keys using OpenSSL in Linux.

The key files for the generated ECDSA keys:

  • privatekey.pem – the private key in PEM format on the secp256k1 curve.
  • publickey.pem – the public key in PEM format.

Here is one example

$ openssl ecparam -genkey -name secp256k1 -noout -out privatekey.pem

$ openssl ec -in privatekey.pem -pubout -out publickey.pem
read EC key
writing EC key

$ cat privatekey.pem 
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIFST15JJ5ANdAqaD1tmco/LLdJrGKLX34y/5UB5yVNKpoAcGBSuBBAAK
oUQDQgAE8TxMNXlBseWGsB6EOd9B/pCbL9pytoGbYQnXzkh15FJYTONfT4v1NMDQ
EGqPBsXoB5ib1qEprJyTIcI5iSpa2Q==
-----END EC PRIVATE KEY-----

$ cat publickey.pem 
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE8TxMNXlBseWGsB6EOd9B/pCbL9pytoGb
YQnXzkh15FJYTONfT4v1NMDQEGqPBsXoB5ib1qEprJyTIcI5iSpa2Q==
-----END PUBLIC KEY-----

Generate keys for R1 prime256v1 elliptic curve

Now let’s see how to generate keys for the R1 prime256v1 curve.

Generates a private key using the R1 prime256v1 elliptic curve

Run following command to generate a private key in PEM format using OpenSSL:

openssl ecparam -genkey -name prime256v1 -noout -out privatekey.pem

This command generates a private key using the prime256v1 elliptic curve and saves it to a file privatekey.pem.

Extracts the public key from the private key

Run the following command to extract the public key from the private key using OpenSSL:

openssl ec -in privatekey.pem -pubout -out publickey.pem

This command extracts the public key from the private key and saves it to a file publickey.pem.

You have generated ECDSA R1 keys using OpenSSL in Linux.

Here is one example

$ openssl ecparam -genkey -name prime256v1 -noout -out privatekey.pem

$ openssl ec -in privatekey.pem -pubout -out publickey.pem
read EC key
writing EC key

$ cat privatekey.pem 
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIM/JKuju/z2cXOZS+MosuDUrJEa5sLJFG/sZ+vAeA0SdoAoGCCqGSM49
AwEHoUQDQgAE8X66w2OGsUcNmX0SSxQEL7DpIhPO8RcMRATRzcq51tF9iAr1+L+8
wtqMlc1musmgA93z9cO1ICv8bLh91Wp+Dw==
-----END EC PRIVATE KEY-----

$ cat publickey.pem 
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8X66w2OGsUcNmX0SSxQEL7DpIhPO
8RcMRATRzcq51tF9iAr1+L+8wtqMlc1musmgA93z9cO1ICv8bLh91Wp+Dw==
-----END PUBLIC KEY-----

With the keys, more cryptographic operation like signing/verification/encryption/decryption can be further performed. Note if they keys you generated are for serious usage, do make sure the execution environment is secured.

Leave a Reply

Your email address will not be published. Required fields are marked *