- Environment: Windows Ubuntu
$ openssl version
: OpenSSL 1.1.0g 2 Nov 2017
How
$ openssl ecparam -list_curves
Use the command above to check the available encryption methods (curves)
$ openssl ecparam -list_curves | grep prime256
prime256v1: X9.62/SECG curve over a 256 bit prime field
Generate the private key
$ openssl ecparam -genkey -name prime256v1 -noout -out pri.key
Check the ciphers and choose a symmetric-key encryption method
For how to read a cipher suite, this reference looks good
$ openssl ciphers -v
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
(omitted)
Encrypt the private key with a symmetric cipher (add a passphrase)
As an example, use AES256
$ openssl ec -in pri.key -out enpri.key -aes256
read EC key
writing EC key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Resulting files
Plain prime256v1 private key
$ cat pri.key
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIJOjJWxdxGBlnBYy9tOJWfTGCtbanS/iC1X0N5RbDAD5oAoGCCqGSM49
AwEHoUQDQgAEesAHJIt4lBguMKh0sB24YXthigYxky0RZJ/ebJgAdHruxbXvZNkg
09vDEN6Q5r92kamRt3OsruCSU3wInH2VgA==
-----END EC PRIVATE KEY-----
prime256v1 private key encrypted with AES256 symmetric encryption (passphrase)
$ cat enpri.key
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,BEEB292B7D682E73761627BCE063321B
/ijzSFuJGCO3dyMl/8PfUo8I0VvPSfumrJF6sn647T+xQuWQyWoUyQuaHw2azkaM
eWrAsHn6dGe/okerAwkJvr1N2FK1cDZPPOyF0hkeBTxgg773QdN6UpzAossHMBUr
WqiRhM7YLh8hl8ve4uaUne98yMVN+rDo2OFu47uSmhg=
-----END EC PRIVATE KEY-----
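What the Proc-Type and DEK-Info headers in enpri.key mean, as an added example that is not part of the original page: it parses the encrypted key listed above and shows how the traditional PEM format turns a passphrase into the AES-256 key. The function names and the passphrase used in testing are assumptions made for illustration.

```python
import base64
import hashlib

# enpri.key as listed on this page, embedded so the example runs offline.
ENPRI_PEM = """-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,BEEB292B7D682E73761627BCE063321B
/ijzSFuJGCO3dyMl/8PfUo8I0VvPSfumrJF6sn647T+xQuWQyWoUyQuaHw2azkaM
eWrAsHn6dGe/okerAwkJvr1N2FK1cDZPPOyF0hkeBTxgg773QdN6UpzAossHMBUr
WqiRhM7YLh8hl8ve4uaUne98yMVN+rDo2OFu47uSmhg=
-----END EC PRIVATE KEY-----
"""

def parse_legacy_pem(pem):
    """Split a traditional-format PEM into (label, headers, body bytes)."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    label = lines[0].strip("-").replace("BEGIN ", "")
    headers, b64 = {}, []
    for line in lines[1:-1]:
        if ": " in line and not b64:      # header lines precede the base64 body
            name, value = line.split(": ", 1)
            headers[name] = value
        elif line:
            b64.append(line)
    return label, headers, base64.b64decode("".join(b64))

def encryption_params(headers):
    """Return (cipher_name, iv) from DEK-Info, or None for an unencrypted key."""
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return None
    cipher, iv_hex = headers["DEK-Info"].split(",", 1)
    return cipher, bytes.fromhex(iv_hex)

def legacy_pem_key(passphrase, iv, key_len=32):
    """Key derivation of the traditional PEM format: a single pass of MD5
    chaining (EVP_BytesToKey, count=1), salted with the first 8 IV bytes."""
    salt, block, key = iv[:8], b"", b""
    while len(key) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        key += block
    return key[:key_len]

if __name__ == "__main__":
    label, headers, body = parse_legacy_pem(ENPRI_PEM)
    print(label, encryption_params(headers), len(body), "ciphertext bytes")
```

Because the passphrase passes through only one round of MD5, the protection of a key in this format rests almost entirely on the passphrase's strength. `openssl pkcs8 -topk8` writes the same key as encrypted PKCS#8, which derives the key with PBKDF2 instead.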
Addendum
Deriving the public key works the same way for both keys
$ openssl ec -in pri.key -pubout -out pub.key
read EC key
writing EC key
$ openssl ec -in enpri.key -pubout -out enpub.key
read EC key
Enter PEM pass phrase:
writing EC key
Issuing a CSR also works the same way
$ openssl req -new -sha256 -key pri.key -out pricrt.pem
$ openssl req -new -sha256 -key enpri.key -out enpricrt.pem
Enter pass phrase for enpri.key: