
When I generated the SSL key using ecparam, I got a CSR with a named curve:

$ openssl ecparam -genkey -out ecparam.key -name prime256v1
$ openssl req -new -sha256 -key ecparam.key -out ecparam.csr -subj "/CN=Test"
$ openssl req -text -in ecparam.csr 
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=Test
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:c0:10:c0:d2:8a:5d:f3:05:84:94:a5:23:1b:59:
                    35:20:b8:5f:e9:b1:f2:6b:83:15:59:3f:75:93:6b:
                    b6:a5:ce:16:19:04:9d:18:0d:8d:bb:db:2a:2c:e2:
                    05:c1:58:46:42:18:19:7a:c5:71:48:ec:54:a2:2d:
                    4d:6a:e3:14:23
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        Attributes:
            a0:00
    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:93:1a:fe:90:c7:29:07:d2:b4:c7:c3:b2:fe:
         dc:6a:bf:62:4b:88:4a:98:3f:30:e7:b0:62:55:62:6c:d9:b3:
         bc:02:21:00:a0:3c:2f:1d:c8:28:72:bf:9c:8d:51:87:80:a4:
         a0:17:7c:e8:17:60:63:8f:ea:21:ce:53:af:65:ee:80:25:d0
-----BEGIN CERTIFICATE REQUEST-----
MIHKMHECAQAwDzENMAsGA1UEAwwEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABMAQwNKKXfMFhJSlIxtZNSC4X+mx8muDFVk/dZNrtqXOFhkEnRgNjbvbKizi
BcFYRkIYGXrFcUjsVKItTWrjFCOgADAKBggqhkjOPQQDAgNJADBGAiEAkxr+kMcp
B9K0x8Oy/txqv2JLiEqYPzDnsGJVYmzZs7wCIQCgPC8dyChyv5yNUYeApKAXfOgX
YGOP6iHOU69l7oAl0A==
-----END CERTIFICATE REQUEST-----

However, if I generate the key using genpkey (or req), my CSR now has an explicit curve instead:

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out genpkey.key
$ openssl req -new -sha256 -key genpkey.key -out genpkey.csr -subj "/CN=Test"
$ openssl req -text -in genpkey.csr 
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=Test
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:86:e1:af:90:3d:76:d9:2f:9d:bc:ca:5a:80:0a:
                    fc:6f:a7:75:29:26:5b:60:65:fd:3f:74:b4:5b:09:
                    27:0f:da:45:48:21:46:b4:16:a4:52:0e:c1:97:b4:
                    71:3a:5b:dc:6d:6e:aa:33:81:7b:cb:bd:78:18:6a:
                    62:fa:bf:8f:d3
                Field Type: prime-field
                Prime:
                    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                    ff:ff:ff
                A:   
                    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                    ff:ff:fc
                B:   
                    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
                    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
                    60:4b
                Generator (uncompressed):
                    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
                    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
                    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
                    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
                    68:37:bf:51:f5
                Order: 
                    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
                    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
                    63:25:51
                Cofactor:  1 (0x1)
                Seed:
                    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
                    b7:81:9f:7e:90
        Attributes:
            a0:00
    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:99:a4:3c:85:cb:f0:b0:f5:10:6e:ff:9a:2b:
         9b:81:3a:35:d2:5d:eb:cc:da:26:16:bb:95:ff:bc:b9:3a:06:
         dc:02:21:00:ea:71:91:fb:87:de:49:87:be:8e:84:da:0f:3f:
         33:bf:e4:48:d6:eb:09:99:81:07:e3:39:f3:83:7c:96:b1:e6
-----BEGIN CERTIFICATE REQUEST-----
[...]
-----END CERTIFICATE REQUEST-----

  1. What am I missing here? Why doesn't OpenSSL create a CSR with the named curve when using genpkey/req?
  2. Is there any reason why I should generate a CSR with a named or an explicit curve? And why?
Lie Ryan

1 Answer


Inconsistent defaults

Re. 2.

Re. 2: Dunno. But it seems wrong to give a named curve explicitly and let the other end figure out "Hey! That's actually one of the named curves I support!"

The OpenSSL Wiki has this to say: (line breaks mine)

Parameters and key files can be generated to include the full explicit parameters instead of just the name of the curve if desired.

This might be important if, for example, not all the target systems know the details of the named curve. In OpenSSL version 1.0.2 new named curves have been added such as brainpool512t1. Attempting to use a parameters file or key file in versions of OpenSSL less than 1.0.2 with this curve will result in an error: [...]

Re. 1.

Re. 1: This has nothing to do with the CSR. It's already in the keys. "ecparam" defaults to "named_curve". And "genpkey" defaults to "explicit". I don't know why they programmed it that way.

Example below.

With -pkeyopt ec_param_enc:explicit option:

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:explicit  -text
-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----
Private-Key: (256 bit)
priv:
    00:d4:7a:bd:0e:2d:2e:52:46:5e:27:70:93:65:0c:
    db:3b:c8:4a:f8:cb:09:0d:81:66:8a:6b:10:f5:ac:
    dc:09:83
pub:
    04:eb:55:cf:94:3c:e9:e8:64:1c:ec:d7:a3:e2:b1:
    c5:ca:2d:9c:c8:32:eb:b7:e3:69:df:d6:24:41:81:
    96:c7:ae:ca:c5:a6:dc:44:9d:00:69:4d:05:7f:56:
    3e:04:59:81:f0:b7:3a:6d:ea:92:66:ba:f6:83:a5:
    c6:60:dc:c6:04
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)
Seed:
    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
    b7:81:9f:7e:90

With -pkeyopt ec_param_enc:named_curve option:

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:named_curve  -text
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglWEHQsiU1JdAQx09
r7JE/al6b0ldLUjTrBA6vbfH62WhRANCAASSoDWvKLeEbfuye3qJXxV1bcGwgVGz
FkCn3PE77MDiHukhX1SOI3nbtOISC2kvEEVa7l4MiN1u25y/S5avjLow
-----END PRIVATE KEY-----
Private-Key: (256 bit)
priv:
    00:95:61:07:42:c8:94:d4:97:40:43:1d:3d:af:b2:
    44:fd:a9:7a:6f:49:5d:2d:48:d3:ac:10:3a:bd:b7:
    c7:eb:65
pub:
    04:92:a0:35:af:28:b7:84:6d:fb:b2:7b:7a:89:5f:
    15:75:6d:c1:b0:81:51:b3:16:40:a7:dc:f1:3b:ec:
    c0:e2:1e:e9:21:5f:54:8e:23:79:db:b4:e2:12:0b:
    69:2f:10:45:5a:ee:5e:0c:88:dd:6e:db:9c:bf:4b:
    96:af:8c:ba:30
ASN1 OID: prime256v1
NIST CURVE: P-256

With no such option the default is to use explicit:

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -text
-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----
Private-Key: (256 bit)
priv:
    00:f0:03:e5:ae:98:f0:90:ad:63:ee:ef:1d:2c:5c:
    68:64:84:44:b1:e1:08:ea:8c:62:81:27:af:71:0e:
    5d:34:3d
pub:
    04:42:09:01:5a:f0:3a:ac:c4:60:d4:b7:82:c3:80:
    47:e6:b3:b9:8a:ce:1b:a8:82:a7:36:d4:6d:a1:3c:
    51:c1:72:42:08:43:b4:f5:95:3e:b0:d9:63:41:4a:
    cc:3f:51:3e:0b:75:6d:3d:0a:1d:86:00:68:d4:69:
    b3:01:de:ca:84
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)
Seed:
    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
    b7:81:9f:7e:90

And with ecparam the defaults are the other way around.

With option -param_enc explicit:

$ openssl ecparam -genkey -name prime256v1 -param_enc explicit -text
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)
Seed:
    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
    b7:81:9f:7e:90
-----BEGIN EC PARAMETERS-----
MIH3AgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP//////////
/////zBbBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6
k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsDFQDEnTYIhucEk2pmeOETnSa3gZ9+
kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLeszoPShOUXYmMKWT+NC4v4af5uO5+tK
fA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////AAAAAP//////////vOb6racXnoTz
ucrC/GMlUQIBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIIBaAIBAQQghke2GCVyix7oDwB/56PI42fOHb+Jg+i2qM8RkkJsAF+ggfowgfcC
AQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAAAAAA////////////////
MFsEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXYqjqT57Pr
vVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEE
axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54W
K84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8
YyVRAgEBoUQDQgAE6B6QrWh0k+CsBnkrfePLKiD0FblNRlwN+pWWoZ4AVH3/9Px5
C63q9fJ3CZdeo9UlUoGkXqrRqVm1EtUWEHajvg==
-----END EC PRIVATE KEY-----

With option -param_enc named_curve:

$ openssl ecparam -genkey -name prime256v1 -param_enc named_curve -text
ASN1 OID: prime256v1
NIST CURVE: P-256
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEICAk+gW8qz7TbJ1oIp4BGrvGeX2a/gBM6c8A7LjGTg0poAoGCCqGSM49
AwEHoUQDQgAEIIkICva0uhtISmjyosAa1CJnGhoM3fBaYXNTTH5aPwhLKLTWDDAu
V9W0HKMTtBRh4XonaTE/zDesKwRr2ZQYmw==
-----END EC PRIVATE KEY-----

With no option the default is to use named_curve:

$ openssl ecparam -genkey -name prime256v1 -text
ASN1 OID: prime256v1
NIST CURVE: P-256
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIH+E5y6cMaUjbnH4kJLOWDtkQ89vG12Jg7oBmdLvmunNoAoGCCqGSM49
AwEHoUQDQgAEBJE0zr7FZyDoFyUgMmYvsViEYAuVz7uCSzEjVVJs2RRbvFQKa3Gt
RX8wAcgfhK0zeAd4xjLfKJq5YTQm2vZ3vQ==
-----END EC PRIVATE KEY-----
StackzOfZtuff