I'm using OpenSSL's c library to generate an elliptic curve Diffie-Hellman (ECDH) key pair, following the first code sample here. It glosses over the actual exchange of public keys with this line:
peerkey = get_peerkey(pkey);
The pkey variable and the return value are both of type EVP_PKEY *. pkey contains the public key, private key, and params generated earlier, and the return value only contains the peer's public key. So this raises three questions:
- How would get_peerkey() actually extract just the public key from pkey for sending to the peer?
- How would the code extract the private key and params from pkey to store them for later use after the key exchange?
- How would get_peerkey() generate a new EVP_PKEY structure from the peer's raw public key?
I've seen the OpenSSL functions EVP_PKEY_print_public(), EVP_PKEY_print_private(), and EVP_PKEY_print_params(), but these are for generating human-readable output. And I haven't found any equivalent for converting a human-readable public key back into an EVP_PKEY structure.
To answer my own question, there's a different path for the private key and the public key.
To serialize the public key:
To deserialize the public key:
To serialize the private key:
To deserialize the private key:
It is also possible to convert the BIGNUM to hex, decimal, or "bin", although I think that mpi used the fewest bytes.