When I'm generating a private key with openssl
, it writes the curve's parameters, and the actual private key:
❯ openssl ecparam -name secp256k1 -genkey
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIKYV1xoz6smkpdMksfgI8/3465V02UZdaKj4JSH30bBhoAcGBSuBBAAK
oUQDQgAEO1O+/xRGEVJgBEAOQorBveXPTQS3c7MA+9R+HEMP7TkscI9FONPclcRb
5sXZJjYHNYWhvxuXdGl8QrFVRIVBYg==
-----END EC PRIVATE KEY-----
Note that the parameters does not contain real data, just reference to the standard used:
❯ openssl ecparam -name secp256k1 | openssl asn1parse
0:d=0 hl=2 l= 5 prim: OBJECT :secp256k1
However when I look at the private key, I can see that it contains the curve type used! Look at the line starting with 41:d
❯ openssl ecparam -name secp256k1 -genkey -noout | openssl asn1parse
0:d=0 hl=2 l= 116 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :01
5:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:872F67D0B852C6FE9BD1F5B93AF54B7555D21267200DA2F8ED735729BF32730A
39:d=1 hl=2 l= 7 cons: cont [ 0 ]
41:d=2 hl=2 l= 5 prim: OBJECT :secp256k1
48:d=1 hl=2 l= 68 cons: cont [ 1 ]
50:d=2 hl=2 l= 66 prim: BIT STRING
Is there a reason I need the EC parameters? Why does it produce them by default?
(The only reason I can think of needing those EC parameters, are to use them as an input when generating a private key, but aren't you better off give their name in the command line?)