
I am executing the following command to generate an ECDSA keypair on my machine: `openssl ecparam -genkey -name secp256k1 -noout -outform DER -out private.key`. On executing this next command, `openssl ec -inform DER -in private.key -noout -text`, I get the following output:

```
read EC key
Private-Key: (256 bit)
priv:
    //private key
pub: 
    04:64:0a:f7:e6:e1:a9:7f:d3:b2:ec:ad:f1:41:96:
    ee:c1:c2:e7:02:4a:54:42:ab:e8:da:9f:88:e1:02:
    46:aa:32:91:38:b5:9e:37:fc:96:d9:36:02:07:de:
    74:59:c4:a8:e0:2b:21:3a:d4:70:7d:5e:92:54:22:
    65:80:0f:df:fd
ASN1 OID: secp256k1
```

Now what I'm interested in is the above public key without colons, i.e. `04640af7e6e1a97fd3b2ecadf14196eec1c2e7024a5442abe8da9f88e10246aa329138b59e37fc96d9360207de7459c4a8e02b213ad4707d5e92542265800fdffd`. I need to send this public key to an API call which validates whether the key is valid or not. The key generated by OpenSSL, when sent with the API call, is accepted by the server as valid.

But the public ECDSA key generated in Java, when sent with the API call, is rejected. I'm using the following code to generate the keypair:

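```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import org.spongycastle.util.encoders.Hex;

// Generates a secp256k1 keypair with the Spongy Castle ("SC") provider.
public KeyPair getECDSAKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException,
        InvalidAlgorithmParameterException {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", "SC");
    ECGenParameterSpec spec = new ECGenParameterSpec("secp256k1");
    keyPairGenerator.initialize(spec, new SecureRandom());
    return keyPairGenerator.generateKeyPair();
}

// Hex-encodes PublicKey.getEncoded(), i.e. the X.509 SubjectPublicKeyInfo DER encoding.
public String getHexPublicKeyString(KeyPair keypair) {
    PublicKey publicKey = keypair.getPublic();
    return Hex.toHexString(publicKey.getEncoded());
}
```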

My question is: how can I generate the same type of ECDSA keypair as generated by OpenSSL? And what is the difference between the keys generated by OpenSSL and the keys generated by Java, such that the key generated by OpenSSL is accepted whereas the key generated by Java is rejected?

jww
Harry
  • *"what I'm interested in is the above public key without colons..."* - Pipe it through `tr` or `sed` to remove the colons and white space. Also see [Elliptic Curve Cryptography](https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography) on the OpenSSL wiki. – jww May 20 '16 at 14:53
  • I mean how to create the same type of key in Java?? – Harry May 20 '16 at 18:16
  • Maybe this will help: [How can I get a PublicKey object from EC public key bytes?](http://stackoverflow.com/q/26159149). The thing is, you have an EC key from both Java and OpenSSL. You seem to be having problems with presentation details, but you have not told us what format you need. And `openssl ec -inform DER -in private.key -noout -text` creates yet another presentation format. Why don't you tell us what format the API expects? It's going to be either (1) PEM or (2) DER (with optional encoding like hex or Websafe Base64); and (3) publicKey or (4) subjectPublicKeyInfo. – jww May 20 '16 at 18:49
  • @jww I need DER output (with hex format) which I'm trying to explicitly convert. Can I force the said output via spongy castle since this is not working? – Harry May 21 '16 at 17:45

1 Answer


I was able to generate the required public key through the following method using SpongyCastle:

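```java
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.spongycastle.util.encoders.Hex;
public static String getHexEncodedPublicKey(PublicKey publicKey) throws IOException, InvalidKeyException {
    ECPublicKeyParameters ecPublicKeyParameters
            = (ECPublicKeyParameters) ECUtil.generatePublicKeyParameter(publicKey);
    byte[] encoded = ecPublicKeyParameters.getQ().getEncoded(false); // false = uncompressed: 0x04 || X || Y
    return Hex.toHexString(encoded);
}
```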
Harry
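
The format difference behind this question, as an added example that is not part of the original post or answer: `PublicKey.getEncoded()` returns an X.509 SubjectPublicKeyInfo DER structure, while `openssl ec -text` prints only the raw uncompressed point (`0x04 || X || Y`) carried inside it. The Python sketch below parses a constructed SubjectPublicKeyInfo (the question's public key behind a named-curve secp256k1 header, assumed here to be the form the provider emits) and recovers the 65-byte point; the function and constant names are hypothetical.

```python
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # OID 1.2.840.10045.2.1
SECP256K1_OID = bytes.fromhex("2b8104000a")         # OID 1.3.132.0.10
# Constructed sample: DER header of a named-curve secp256k1 SubjectPublicKeyInfo.
SPKI_HEADER = bytes.fromhex("3056301006072a8648ce3d020106052b8104000a034200")
# Public key from the question's OpenSSL output (65 bytes).
PAGE_POINT = bytes.fromhex(
    "04640af7e6e1a97fd3b2ecadf14196eec1c2e7024a5442abe8da9f88e10246aa"
    "329138b59e37fc96d9360207de7459c4a8e02b213ad4707d5e92542265800fdffd")


def read_tlv(buf, pos, expected_tag):
    """Return (value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length


def point_from_spki(spki):
    """Extract the uncompressed EC point (0x04 || X || Y) from SPKI DER."""
    outer, end = read_tlv(spki, 0, 0x30)        # SubjectPublicKeyInfo
    if end != len(spki):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    alg, pos = read_tlv(outer, 0, 0x30)         # AlgorithmIdentifier
    bits, _ = read_tlv(outer, pos, 0x03)        # BIT STRING holding the point
    alg_oid, p = read_tlv(alg, 0, 0x06)
    curve_oid, _ = read_tlv(alg, p, 0x06)       # fails on explicit parameters
    if alg_oid != ID_EC_PUBLIC_KEY or curve_oid != SECP256K1_OID:
        raise ValueError("not a named-curve secp256k1 EC key")
    # First BIT STRING byte is the unused-bit count; the point follows it.
    if len(bits) != 66 or bits[0] != 0 or bits[1] != 0x04:
        raise ValueError("expected a 65-byte uncompressed point")
    return bits[1:]


if __name__ == "__main__":
    print(point_from_spki(SPKI_HEADER + PAGE_POINT).hex())
```
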