楕円曲線暗号 >

OpenSSLによる楕円曲線暗号の利用

キーペア生成

キーペアのみを生成

  • 以下の例では、secp224r1(SECP*1 224 bit 推奨曲線パラメータ、別名 NIST*2 P-224推奨曲線)の設定でキーペアを生成しています。
    # openssl ecparam -genkey -name secp224r1 -out ec-key.pem
    $ openssl ec -in ec-key.pem -text -noout
    read EC key
    Private-Key: (224 bit)
    priv:
        00:fd:22:82:2b:32:8a:57:bc:d9:57:89:d4:a4:04:
        52:d5:3f:cd:a3:27:b6:98:20:f4:d3:c5:8b:85
    pub:
        04:fb:d6:65:2d:75:32:36:3f:f1:dd:40:7d:04:33:
        e0:f1:48:0f:52:4d:a0:5f:8e:b4:d6:30:d4:fe:af:
        9d:f5:e9:0d:ed:1e:d0:81:c9:0b:f2:0d:c9:93:32:
        bb:7d:5e:dc:f6:5a:72:30:52:fc:ae:53
    ASN1 OID: secp224r1

キーペア、証明書署名要求を一度に生成

  • まず、楕円曲線パラメータを出力後、それを使用してキーペアと証明書署名要求(CSR)を生成します。デフォルトでは、署名アルゴリズムは、ecdsa-with-SHA1 になるようです。
    $ openssl ecparam -out eckey.ecparam -name secp224r1
    # openssl req -new -newkey ec:eckey.ecparam -subj "/C=JP/ST=State/L=City/O=Org./OU=EC Test Div./CN=Test Key" \
    > -keyout eckey.pem -out eccsr.pem
    Generating a 224 bit EC private key
    writing new private key to 'eckey.pem'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----
    $ openssl ec -in eckey.pem -text -noout
    read EC key
    Enter PEM pass phrase:
    Private-Key: (224 bit)
    priv:
        76:3a:9e:be:a6:21:5c:8f:c5:de:3e:a1:c9:8e:fc:
        e4:ee:9f:f8:7b:7c:7b:25:e8:f7:0e:62:95
    pub:
        04:f8:75:72:f3:9e:b8:87:91:58:82:f9:d0:93:e0:
        53:aa:63:b5:89:a8:9c:2c:47:7e:c9:3d:a0:51:bb:
        13:8d:a0:9a:b5:7d:1d:15:d6:19:1a:e6:a8:3e:36:
        06:47:48:24:b4:89:7b:4e:4b:d0:e6:3f
    ASN1 OID: secp224r1
    $ openssl req -in eccsr.pem -text -noout
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: C=JP, ST=State, L=City, O=Org., OU=EC Test Div., CN=Test Key
            Subject Public Key Info:
                Public Key Algorithm: id-ecPublicKey
                EC Public Key:
                    pub:
                        04:f8:75:72:f3:9e:b8:87:91:58:82:f9:d0:93:e0:
                        53:aa:63:b5:89:a8:9c:2c:47:7e:c9:3d:a0:51:bb:
                        13:8d:a0:9a:b5:7d:1d:15:d6:19:1a:e6:a8:3e:36:
                        06:47:48:24:b4:89:7b:4e:4b:d0:e6:3f
                    ASN1 OID: secp224r1
            Attributes:
                a0:00
        Signature Algorithm: ecdsa-with-SHA1
            30:3c:02:1c:3c:d2:5d:57:2d:eb:3e:03:2e:5b:24:98:a7:f4:
            18:32:18:48:3b:af:0a:ce:40:26:81:8e:54:07:02:1c:59:43:
            eb:10:1e:cc:c2:51:98:ee:25:d9:6b:a9:6d:fc:a8:90:65:d0:
            b3:f8:b1:1e:8f:86:bf:0a

キーペア、自己署名証明書を一度に生成

  • 前節と同じ要領で生成します。-x509 が証明書署名要求の代わりに自己署名証明書を生成するオプションです。
    $ openssl ecparam -out eckey.ecparam -name secp224r1
    # openssl req -new -x509 -days 3650 -newkey ec:eckey.ecparam \
    > -subj "/C=JP/ST=State/L=City/O=Org./OU=EC Test Div./CN=Test Key" -keyout eckey.pem -out eccert.pem
    Generating a 224 bit EC private key
    writing new private key to 'eckey.pem'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----
    $ openssl x509 -in eccert.pem -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                97:e1:68:ab:e4:eb:ce:13
            Signature Algorithm: ecdsa-with-SHA1
            Issuer: C=JP, ST=State, L=City, O=Org., OU=EC Test Div., CN=Test Key
            Validity
                Not Before: May 19 12:10:51 2009 GMT
                Not After : May 17 12:10:51 2019 GMT
            Subject: C=JP, ST=State, L=City, O=Org., OU=EC Test Div., CN=Test Key
            Subject Public Key Info:
                Public Key Algorithm: id-ecPublicKey
                EC Public Key:
                    pub:
                        04:0c:ec:0d:bb:be:bc:a8:4b:f1:a7:fe:f6:ba:a8:
                        e4:d0:f4:b8:fa:4c:ea:76:f3:f0:86:c6:ed:08:a1:
                        97:60:77:19:86:c5:bb:21:08:73:da:b6:14:3e:c9:
                        2b:4f:21:35:f6:17:91:01:88:42:f6:fe
                    ASN1 OID: secp224r1
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    6E:63:33:A2:19:83:6C:B1:FC:F6:13:98:40:F6:88:58:9C:AD:FB:06
                X509v3 Authority Key Identifier:
                    keyid:6E:63:33:A2:19:83:6C:B1:FC:F6:13:98:40:F6:88:58:9C:AD:FB:06
                    DirName:/C=JP/ST=State/L=City/O=Org./OU=EC Test Div./CN=Test Key
                    serial:97:E1:68:AB:E4:EB:CE:13
    
                X509v3 Basic Constraints:
                    CA:TRUE
        Signature Algorithm: ecdsa-with-SHA1
            30:3e:02:1d:00:8b:39:90:13:4e:23:16:0c:b1:53:69:54:da:
            d8:52:3b:c2:44:d8:5d:40:1f:29:e3:0a:ee:cc:95:02:1d:00:
            8c:5f:44:b7:5b:f9:55:59:f5:99:a0:1d:79:13:f6:93:35:56:
            b4:15:fe:cb:46:5a:b3:97:fe:20

認証局(CA)の作成(未完

  1. 今回は段階を踏んで、まず認証局用のキーペアを生成します。続けてキーを暗号化しておきたいところですが、マニュアルにあるものの ec サブコマンドの -des オプションなどが有効ではないようです。
    # openssl ecparam -genkey -name secp224r1 -out cakey.pem
  2. 次に ecdsa-with-SHA256 で署名した自己署名証明書を作成します。しかし、-sha256 指定にもかかわらず、SHA1で署名されてしまいます(エラーにはなりません)。このバージョン(0.9.8g)の OpenSSL では、ecdsa-with-SHA256 に対応していないようです。1.0.0-beta1 の変更履歴によると、ecdsa-with-SHA224/256/384/512 のサポートは、1.0.0 からのようです*3
    $ openssl req -new -x509 -days 3650 -sha256 -key cakey.pem \
    > -subj "/C=JP/ST=State/L=City/O=Org./OU=EC Test Div./CN=EC Test CA" -out cacert.pem
    ...
    $ openssl x509 -text -noout -in cacert.pem
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                a0:18:ee:79:f7:5e:c4:b0
            Signature Algorithm: ecdsa-with-SHA1
            Issuer: C=JP, ST=State, L=City, O=Org., OU=EC Test Div., CN=EC Test CA
            Validity
                Not Before: May 17 10:56:48 2009 GMT
                Not After : May 15 10:56:48 2019 GMT
            Subject: C=JP, ST=State, L=City, O=Org., OU=EC Test Div., CN=EC Test CA
            Subject Public Key Info:
                Public Key Algorithm: id-ecPublicKey
                EC Public Key:
                    pub: 
                        04:55:45:e2:ef:6e:35:28:ee:76:7f:4d:9b:17:4b:
                        6b:35:3e:28:50:32:2f:88:3b:86:d2:94:b7:4c:79:
                        9e:dd:03:41:e8:8e:db:9b:47:86:15:45:1a:dd:0b:
                        be:9f:69:dd:99:5e:f9:d6:87:ea:ef:89
                    ASN1 OID: secp224r1
            X509v3 extensions:
                X509v3 Subject Key Identifier: 
                    FD:8F:CB:13:89:EC:50:93:CC:38:2D:36:FF:21:40:D1:E4:1A:A3:BA
                X509v3 Authority Key Identifier: 
                    keyid:FD:8F:CB:13:89:EC:50:93:CC:38:2D:36:FF:21:40:D1:E4:1A:A3:BA
                    DirName:/C=JP/ST=State/L=City/O=Org./OU=EC Test Div./CN=EC Test CA
                    serial:A0:18:EE:79:F7:5E:C4:B0
    
                X509v3 Basic Constraints: 
                    CA:TRUE
        Signature Algorithm: ecdsa-with-SHA1
            30:3d:02:1d:00:e3:2f:73:4f:b2:cf:97:a7:f8:05:ec:4c:47:
            63:be:b5:f7:64:a1:84:5d:05:75:b2:3d:c0:3d:e5:02:1c:7a:
            f4:9b:b3:1d:04:60:a2:fd:03:7a:b4:a4:d8:0d:95:87:05:38:
            ca:19:d9:8a:35:e8:94:0b:46

関連コマンド

  • ecparam サブコマンドの使用法は以下の通り。詳細は、manマニュアルで(ecparam(1))。
    ecparam [options] <infile >outfile
    where options are
     -inform arg       input format - default PEM (DER or PEM)
     -outform arg      output format - default PEM
     -in  arg          input file  - default stdin
     -out arg          output file - default stdout
     -noout            do not print the ec parameter
     -text             print the ec parameters in text form
     -check            validate the ec parameters
     -C                print a 'C' function creating the parameters
     -name arg         use the ec parameters with 'short name' name
     -list_curves      prints a list of all currently available curve 'short names'
     -conv_form arg    specifies the point conversion form
                       possible values: compressed
                                        uncompressed (default)
                                        hybrid
     -param_enc arg    specifies the way the ec parameters are encoded
                       in the asn1 der encoding
                       possible values: named_curve (default)
                                        explicit
     -no_seed          if 'explicit' parameters are choosen do not use the seed
     -genkey           generate ec key
     -rand file        files to use for random number input
     -engine e         use engine e, possibly a hardware device
  • ec サブコマンドの使用法は以下の通り。詳細は、manマニュアルで(ec(1))。
    ec [options] <infile >outfile
    where options are
     -inform arg     input format - DER or PEM
     -outform arg    output format - DER or PEM
     -in arg         input file
     -passin arg     input file pass phrase source
     -out arg        output file
     -passout arg    output file pass phrase source
     -engine e       use engine e, possibly a hardware device.
     -des            encrypt PEM output, instead of 'des' every other
                     cipher supported by OpenSSL can be used
     -text           print the key
     -noout          don't print key out
     -param_out      print the elliptic curve parameters
     -conv_form arg  specifies the point conversion form
                     possible values: compressed
                                      uncompressed (default)
                                       hybrid
     -param_enc arg  specifies the way the ec parameters are encoded
                     in the asn1 der encoding
                     possilbe values: named_curve (default)
                                      explicit

*1 Standards for Efficient Cryptography Group
*2 National Institute of Standards and Technology アメリカ国立標準技術研究所
*3 1.0.0beta2 でテストしてみましたが、3085073096:error:2A065065:lib(42):ECDSA_do_sign:data too large for key size:ecs_ossl.c:265: というエラーが発生してしまいます。

トップ   編集 凍結 差分 バックアップ 添付 複製 名前変更 リロード   新規 一覧 単語検索 最終更新   ヘルプ   最終更新のRSS
Last-modified: 2009-05-19 (火) 21:42:50 (3529d)