How to generate an elliptic curve keypair
I want to demonstrate the traditional approach to digital signatures, in which a message digest of the input data is signed. Hence, we will use ECDSA, not EdDSA, in our examples.
As we already know, a new keypair can be generated using the openssl genpkey subcommand. We will generate an EC keypair of the longest length available in OpenSSL, 570 bits, based on the NIST B-571 curve:
$ openssl genpkey \
    -algorithm EC \
    -pkeyopt ec_paramgen_curve:secp521r1 \
    -out ec_keypair.pem
Here, we have used the -pkeyopt ec_paramgen_curve:secp521r1 switch to specify that we want to use the NIST B-571 curve. Which other curve names could be used instead of secp521r1? The full list of supported curves can be obtained using the following command:
$ openssl ecparam -list_curves
Once the keypair has been generated and written into the ec_keypair.pem file, we can inspect its structure...
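The following shell functions are an added example, not code from the original text. They wrap the genpkey command above with the checks a practitioner would want: the curve name is matched against the -list_curves output, the private key is written owner-readable only, and the curve and field size are read back from the key file. The function names are hypothetical; the last function signs a SHA-512 digest with ECDSA and verifies it to confirm that the keypair is usable.

```shell
#!/bin/sh
# Added example; the helper names are hypothetical, not from the original text.

# gen_ec_keypair CURVE OUTFILE: generate an EC keypair on a supported curve.
gen_ec_keypair() {
    curve=$1; out=$2
    # Exact-match the name against the curves this OpenSSL build lists.
    openssl ecparam -list_curves |
        awk -v c="$curve" '{ sub(/:.*/, ""); gsub(/[ \t]/, "") }
                           $0 == c { found = 1 } END { exit !found }' || {
        echo "unsupported curve: $curve" >&2
        return 1
    }
    # umask 077 in a subshell: the private key is never group/world readable.
    ( umask 077 && openssl genpkey -algorithm EC \
        -pkeyopt "ec_paramgen_curve:$curve" -out "$out" )
}

# key_curve KEYFILE: print the curve name stored in the key file.
key_curve() {
    openssl pkey -in "$1" -noout -text | sed -n 's/^ASN1 OID: *//p'
}

# key_bits KEYFILE: print the field size OpenSSL reports for the key.
key_bits() {
    openssl pkey -in "$1" -noout -text |
        sed -n 's/^Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# ecdsa_roundtrip KEYFILE DATAFILE: sign the SHA-512 digest of DATAFILE with
# the private key, then verify the signature with the extracted public key.
ecdsa_roundtrip() {
    tmp=$(mktemp -d) || return 1
    openssl pkey -in "$1" -pubout -out "$tmp/pub.pem" &&
    openssl dgst -sha512 -sign "$1" -out "$tmp/sig.bin" "$2" &&
    openssl dgst -sha512 -verify "$tmp/pub.pem" \
        -signature "$tmp/sig.bin" "$2" >/dev/null
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage:
#   gen_ec_keypair secp521r1 ec_keypair.pem
#   key_curve ec_keypair.pem; key_bits ec_keypair.pem
```
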