
OpenSSL and brainpool elliptic curves

I have updated my collection of OpenSSL-ready brainpool curves and added some more curves to the ZIP file, so you can make use of them in OpenSSL. After Edward Snowden, the NIST elliptic curves are not trustworthy anymore, and I recommend not using the NIST curves and making use of the brainpool curves instead.

To generate a key from a given brainpool curve, enter:

openssl ecparam -inform DER -in brainpoolP256r1.der -out brainpoolP256r1.key.pem -genkey

openssl ec -in brainpoolP256r1.key.pem -pubout -out brainpoolP256r1.public.key.pem

You can generate an elliptic-curve-based certificate with the following commands:

openssl req -new -x509 -sha256 -days 356 -key brainpoolP256r1.key.pem -out ca.crt

openssl x509 -in ca.crt -text

To sign and verify messages with a given elliptic curve, you just enter one of these:

sign with private key:

openssl dgst -ecdsa-with-SHA1 -sign brainpoolP256r1.key.pem -out file.txt.ecdsa-with-sha1 file.txt

verify with private key:

openssl dgst -ecdsa-with-SHA1 -prverify brainpoolP256r1.key.pem -signature file.txt.ecdsa-with-sha1 file.txt

verify with public key:

openssl dgst -ecdsa-with-SHA1 -verify brainpoolP256r1.public.key.pem -signature file.txt.ecdsa-with-sha1 file.txt
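
The key generation and sign/verify steps above as one self-contained round trip that also checks the curve recorded in the key and confirms that a modified file no longer verifies (an added example, not part of the original post). It assumes an OpenSSL build that ships brainpoolP256r1 as a named curve, so `-name` replaces the DER parameter file, and it uses `-sha256` in place of `-ecdsa-with-SHA1`; the function names, file names and message are constructed.

```shell
#!/bin/sh
# Added example. Assumption: this OpenSSL build knows brainpoolP256r1 by name.
CURVE=brainpoolP256r1

# Generate a private key on $CURVE and its public key in directory $1.
bp_keygen() {
    openssl ecparam -name "$CURVE" -genkey -noout -out "$1/key.pem" &&
    openssl ec -in "$1/key.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# Print the curve name stored in the private key in directory $1.
bp_curve_of() {
    openssl ec -in "$1/key.pem" -noout -text 2>/dev/null |
        sed -n 's/^ASN1 OID: //p'
}

# Sign file $2 with the private key in directory $1; writes $2.sig.
bp_sign() {
    openssl dgst -sha256 -sign "$1/key.pem" -out "$2.sig" "$2"
}

# Print OpenSSL's verdict for $2 against $2.sig using the public key.
# The verdict is "Verified OK" only when the signature matches.
bp_verify() {
    openssl dgst -sha256 -verify "$1/pub.pem" \
        -signature "$2.sig" "$2" 2>/dev/null || true
}

# Full round trip on a constructed sample file in a temporary directory.
bp_demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample message\n' > "$dir/file.txt"
    bp_keygen "$dir" && bp_sign "$dir" "$dir/file.txt" || return 1
    echo "curve:    $(bp_curve_of "$dir")"
    echo "original: $(bp_verify "$dir" "$dir/file.txt")"
    printf 'x' >> "$dir/file.txt"   # modify the file after signing
    echo "tampered: $(bp_verify "$dir" "$dir/file.txt")"
    rm -rf "$dir"
}

bp_demo
```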