First, the private key is generated using the following commands:
$ openssl ecparam -genkey -name secp256k1 -noout -out eccprivatekey.pem $ cat eccprivatekey.pem -----BEGIN EC PRIVATE KEY----- MHQCAQEEIMVmyrnEDOs7SYxS/AbXoIwqZqJ+gND9Z2/nQyzcpaPBoAcGBSuBBAAK oUQDQgAEEKKS4E4+TATIeBX8o2J6PxKkjcoWrXPwNRo/k4Y/CZA4pXvlyTgH5LYm QbU0qUtPM7dAEzOsaoXmetqB+6cM+Q== -----END EC PRIVATE KEY-----
Next, the public key is generated from the private key:
$ openssl ec -in eccprivatekey.pem -pubout -out eccpublickey.pem read EC key writing EC key $ cat eccpublickey.pem -----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEEKKS4E4+TATIeBX8o2J6PxKkjcoWrXPw NRo/k4Y/CZA4pXvlyTgH5LYmQbU0qUtPM7dAEzOsaoXmetqB+6cM+Q== -----END PUBLIC KEY-----
Now, suppose a file named testsign.txt needs to be signed and verified. This can be achieved as follows:
- Create a test file:
$ echo testing > testsign.txt $ cat testsign.txt testing
- Run the following command to generate a signature using a private key for the testsign.txt file:
$ openssl dgst -ecdsa-with-SHA1 -sign eccprivatekey.pem
testsign.txt > ecsign.bin
- Finally, the command for verification can be run as shown here:
$ openssl dgst -ecdsa-with-SHA1 -verify eccpublickey.pem
-signature ecsign.bin testsign.txt Verified OK
A certificate can also be produced by using the private key generated earlier by using the following command:
$ openssl req -new -key eccprivatekey.pem -x509 -nodes -days 365
-out ecccertificate.pem
This command will produce the output similar to the one shown here. Enter the appropriate parameters to generate the certificate:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value,
If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:GB State or Province Name (full name) [Some-State]:Cambridge
Locality Name (eg, city) []:Cambridge Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dr.Equinox! Organizational Unit Name (eg, section) []:NA Common Name (e.g. server FQDN or YOUR name) []:drequinox
Email Address []:[email protected]
The certificate can be explored using the following command:
$ openssl x509 -in ecccertificate.pem -text -noout
The following output shows the certificate:
X509 certiļ¬cate that uses ECDSA algorithm with SHA-256
There following topics in cryptography are presented because of their relevance to blockchain, or their potential use in future blockchain ecosystems.