get x and y components from ecc public key in PEM format using openssl

Asked 11/4, 2015 at 21:22 Answered 3/6, 2022 at 5:12

Solved cryptography openssl public-key-encryption elliptic-curve

I am generating a KeyPair for ECC from curve 'secp128r1' using openssl

Steps I followed :

first I generated a private key using the command

openssl ecparam -genkey -name secp128r1 -noout -out private.pem
then i viewed the corresponding public key using the command

openssl ec -in private.pem -text -noout

which showed an output as :

read EC key

Private-Key: (128 bit)
priv:
00:9f:bf:2b:bd:06:86:3a:a1:bc:7c:3e:90:57:40:
f4:bc
pub:
04:04:ce:24:34:d4:cb:f2:58:94:2f:8a:5f:06:d7:
3f:ed:5a:50:ef:fb:cc:b7:49:62:16:62:9e:aa:d5:
30:a8:a5

ASN1 OID: secp128r1

I want explicitly x and y components from the public key generated here, please can anyone suggest the correct way of doing this ?
The above public key is 264 bits long, hence cannot take(/split) it as is
Thanks

Tootsy answered 11/4, 2015 at 21:22 Comment(2)

Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User, Information Security Stack Exchange or Unix & Linux Stack Exchange would be a better place to ask. – Culicid 11/4, 2015 at 22:50

thanks, i'll surely put this one over there. – Tootsy 12/4, 2015 at 0:36

Pub:
04:04:ce:24:34:d4:cb:f2:58:94:2f:8a:5f:06:d7:
3f:ed:5a:50:ef:fb:cc:b7:49:62:16:62:9e:aa:d5:
30:a8:a5

0x04 indicates uncompressed form
From what remains:
- X is first half 04:ce:24:34:d4:cb:f2:58:94:2f:8a:5f:06:d7:3f:ed
- Y is second half 5a:50:ef:fb:cc:b7:49:62:16:62:9e:aa:d5:30:a8:a5

UPD. Found this website that contains further details.

Keratosis answered 29/6, 2017 at 14:5 Comment(2)

Thanks. this is pretty neat – Tootsy 6/7, 2017 at 12:59

Thanks, this is excactly what I want. – Johniejohnna 12/3, 2019 at 2:28

If anyone wants to do this in nodejs, as i did when needing to share public Keys (jwk) for other people/apps to verify my signatures... here is a quick way to derive the X and Y coordinates from an secp256k1 public key:

import base64url from 'base64url';

function getCoordinatesFromSecp256k1PublicKey(uncompressedHexPubKey: string) {
  const publicKeyBuff = Buffer.from(uncompressedHexPubKey, 'hex');
  const pubKeyCoordsBuff = publicKeyBuff.slice(1); // First byte just signals that it is uncompressed. TRASH!
  const halfLen = Buffer.byteLength(pubKeyCoordsBuff) / 2; // should be 32;
  const x = pubKeyCoordsBuff.slice(0, halfLen);
  const y = pubKeyCoordsBuff.slice(halfLen, Buffer.byteLength(pubKeyCoordsBuff) + 1);
  return {
    x: base64url.fromBase64(x.toString('base64')),
    y: base64url.fromBase64(y.toString('base64'))
  };
}

This way you can return your JWK data thusly:

const { x, y } = getCoordinatesFromSecp256k1PublicKey(pubKey);

JSON.stringify(
    {
      use: 'sig',
      kid: 'my-keyid',
      alg: 'ECDSA',
      kty: 'EC',
      crv: 'P-256',
      x,
      y,
    },
    null,
    2
  )

Alfrediaalfredo answered 3/6, 2022 at 5:12 Comment(0)

Recommended topics

Hot tags