转:椭圆曲线密钥生成


下载openssl自行编译

https://www.openssl.org/source/openssl-1.0.1i.tar.gz

 

./config --prefix=/d/local && make && make install

 

man --manpath=/d/local/ssl/man ecparam

或者查看在线帮助:

https://www.openssl.org/docs/apps/ecparam.html#

 

查看是否支持ec算法(有些linux发行版由于liscense的限制没有加进来)

 

OpenSSL> help
openssl:Error: 'help' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
gendh             gendsa            genpkey           genrsa            
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              req               
rsa               rsautl            s_client          s_server          
s_time            sess_id           smime             speed             
spkac             srp               ts                verify            
version           x509              

Message Digest commands (see the `dgst' command for more details)
md4               md5               mdc2              rmd160            
sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            seed              seed-cbc          seed-cfb          
seed-ecb          seed-ofb          

OpenSSL>

 

 

添加临时路径export PATH=/d/local/bin:$PATH

 

1) 查看支持的曲线名称

 

localhost ~ # openssl ecparam -list_curves
  secp112r1 : SECG/WTLS curve over a 112 bit prime field
  secp112r2 : SECG curve over a 112 bit prime field
  secp128r1 : SECG curve over a 128 bit prime field
  secp128r2 : SECG curve over a 128 bit prime field
  secp160k1 : SECG curve over a 160 bit prime field
  secp160r1 : SECG curve over a 160 bit prime field
  secp160r2 : SECG/WTLS curve over a 160 bit prime field
  secp192k1 : SECG curve over a 192 bit prime field
  secp224k1 : SECG curve over a 224 bit prime field
  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
  prime192v2: X9.62 curve over a 192 bit prime field
  prime192v3: X9.62 curve over a 192 bit prime field
  prime239v1: X9.62 curve over a 239 bit prime field
  prime239v2: X9.62 curve over a 239 bit prime field
  prime239v3: X9.62 curve over a 239 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  sect113r1 : SECG curve over a 113 bit binary field
  sect113r2 : SECG curve over a 113 bit binary field
  sect131r1 : SECG/WTLS curve over a 131 bit binary field
  sect131r2 : SECG curve over a 131 bit binary field
  sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field
  sect163r1 : SECG curve over a 163 bit binary field
  sect163r2 : NIST/SECG curve over a 163 bit binary field
  sect193r1 : SECG curve over a 193 bit binary field
  sect193r2 : SECG curve over a 193 bit binary field
  sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect239k1 : SECG curve over a 239 bit binary field
  sect283k1 : NIST/SECG curve over a 283 bit binary field
  sect283r1 : NIST/SECG curve over a 283 bit binary field
  sect409k1 : NIST/SECG curve over a 409 bit binary field
  sect409r1 : NIST/SECG curve over a 409 bit binary field
  sect571k1 : NIST/SECG curve over a 571 bit binary field
  sect571r1 : NIST/SECG curve over a 571 bit binary field
  c2pnb163v1: X9.62 curve over a 163 bit binary field
  c2pnb163v2: X9.62 curve over a 163 bit binary field
  c2pnb163v3: X9.62 curve over a 163 bit binary field
  c2pnb176v1: X9.62 curve over a 176 bit binary field
  c2tnb191v1: X9.62 curve over a 191 bit binary field
  c2tnb191v2: X9.62 curve over a 191 bit binary field
  c2tnb191v3: X9.62 curve over a 191 bit binary field
  c2pnb208w1: X9.62 curve over a 208 bit binary field
  c2tnb239v1: X9.62 curve over a 239 bit binary field
  c2tnb239v2: X9.62 curve over a 239 bit binary field
  c2tnb239v3: X9.62 curve over a 239 bit binary field
  c2pnb272w1: X9.62 curve over a 272 bit binary field
  c2pnb304w1: X9.62 curve over a 304 bit binary field
  c2tnb359v1: X9.62 curve over a 359 bit binary field
  c2pnb368w1: X9.62 curve over a 368 bit binary field
  c2tnb431r1: X9.62 curve over a 431 bit binary field
  wap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls12: WTLS curvs over a 224 bit prime field
  Oakley-EC2N-3: 
	IPSec/IKE/Oakley curve #3 over a 155 bit binary field.
	Not suitable for ECDSA.
	Questionable extension field!
  Oakley-EC2N-4: 
	IPSec/IKE/Oakley curve #4 over a 185 bit binary field.
	Not suitable for ECDSA.
	Questionable extension field!

本文演示使用的曲线:

  secp256k1 : SECG curve over a 256 bit prime field

 

2) 生成曲线参数secp256k1

localhost ~ # openssl ecparam -out secp256k1.pem -name secp256k1
localhost ~ # cat secp256k1.pem 
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----

 

以上的参数是通过OID引用

 

localhost ~ # openssl ecparam -out secp256k1.pem -name secp256k1 -param_enc explicit
localhost ~ # cat secp256k1.pem 
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
localhost ~ #

以上参数是直接存储于pem文件中

 

3)校验参数

 

localhost ~ # openssl ecparam -in secp256k1.pem -check
checking elliptic curve parameters: ok
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
localhost ~ #

4) 通过给定的param生成私钥

 

localhost ~ # openssl ecparam -name secp256k1 -genkey -out secp256k1_key.pem
localhost ~ # cat secp256k1_key.pem 
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIIQQgqoSJb/ND/n3fbcDUHGWici4NcfbsqnDr4VQF/tToAcGBSuBBAAK
oUQDQgAEew4K/52meQDVyuPO1TdFAnmWHz2zUWVgAiBW6yS2UUW6LxqO5Apt6wr2
FWzOZnHBMPE+Yc7rg5lyJGBKIfKwvQ==
-----END EC PRIVATE KEY-----
localhost ~ #

可以看出来文件的上半部分是param参数(OID引用形式)

 

如果用param_enc explicit生成应该是这个样子:

 

localhost ~ # cat secp256k1_key_explicti.pem 
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIIBEwIBAQQgJUJXIbRLjqBOuoaUaXDzpddd5Tk1r/kZa3bdohqTLz6ggaUwgaIC
AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv
MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm
o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu
3OavSKA7v9JejNA2QUECAQGhRANCAATxDbZAJAXGy/Q8b9HimoKJcpi8CYsd1F9W
34YigqkVcnF6LRiv2kZBCWG28xU41DG0jQ8u4C3smWnl+FVch5km
-----END EC PRIVATE KEY-----

也可以以第2步骤生成的param文件来生成key:

 

localhost ~ # openssl ecparam -in secp256k1.pem -genkey -out secp256k1_key_exp_fromparamfile.pem
localhost ~ # cat secp256k1_key_exp_fromparamfile.pem 
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIIBEwIBAQQg/xGAHURjXBdjeryNb5JdbR+l4IATbAJotgOek43mYLeggaUwgaIC
AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv
MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm
o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu
3OavSKA7v9JejNA2QUECAQGhRANCAARoX29cYNFoC8maicfk9YK+YzOnu8VPFmmb
3uk6Qnwtk1h4tUfRdwnLQ8B20rvioq1MnGiLczNDNU8rWatswRtm
-----END EC PRIVATE KEY-----

连续两次生成的结果是不一样的(随机数种子)

localhost ~ # openssl ecparam -in secp256k1.pem -genkey -out secp256k1_key_exp_fromparamfile.pem
localhost ~ # cat secp256k1_key_exp_fromparamfile.pem 
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIIBEwIBAQQg/xGAHURjXBdjeryNb5JdbR+l4IATbAJotgOek43mYLeggaUwgaIC
AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv
MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm
o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu
3OavSKA7v9JejNA2QUECAQGhRANCAARoX29cYNFoC8maicfk9YK+YzOnu8VPFmmb
3uk6Qnwtk1h4tUfRdwnLQ8B20rvioq1MnGiLczNDNU8rWatswRtm
-----END EC PRIVATE KEY-----
localhost ~ # openssl ecparam -in secp256k1.pem -genkey -out secp256k1_key_exp_fromparamfile.pem
localhost ~ # cat secp256k1_key_exp_fromparamfile.pem 
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIIBEwIBAQQgZ93Xfs+9TN6rURZfxLbPEvcKLuVi3EPxLCFF6N3eIlmggaUwgaIC
AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv
MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm
o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu
3OavSKA7v9JejNA2QUECAQGhRANCAASqtpchBfbSVxFGsQ7fGoJGIThL7tnE7SwP
9AGbX43hjdQ+dmDwyUNkhk2kEYBWFlScqf1INqy/Q6+SVbV4PnwN
-----END EC PRIVATE KEY-----
localhost ~ #

使用随机数种子文件来辅助生成私钥

 

localhost ~ # echo -n aaaabbbbccccddddaaaabbbbccccdddd > random_seed
localhost ~ # openssl ecparam -genkey -rand random_seed -name secp256k1 -out secp256k1_key_by_rand.pem 
32 semi-random bytes loaded
localhost ~ # cat secp256k1_key_by_rand.pem 
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMKEC49/eGgO0gBQFhIzyKaK1ptHQPULKtNd7dJzGSJroAcGBSuBBAAK
oUQDQgAETeTy6KD8TmyLQFDAOIh/ON+eGkLmTzQ39uh0udfR1ZLgjuZJxvsHWaBj
evd/0etmEj9e5OshFPBznZsreAoW9w==
-----END EC PRIVATE KEY-----
localhost ~ # openssl ecparam -genkey -rand random_seed -name secp256k1 -out secp256k1_key_by_rand.pem 
32 semi-random bytes loaded
localhost ~ # cat secp256k1_key_by_rand.pem 
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIKicfTfgjEZnLlueaChoBMhWPHonMuooHSDKRECCUMDKoAcGBSuBBAAK
oUQDQgAEdFEGrb3UPLWL2fBOcZwKi3jNB9r4bMYD1gKQaeLHioEynHvgZn+rAZKd
RgGEWzK74Ql45ILRBEuGo/dvumW5Gw==
-----END EC PRIVATE KEY-----

 

 

生成压缩形式的参数(专利限制)

使用./config --prefix=/d/local -DOPENSSL_EC_BIN_PT_COMP  && make && make install 重新编译

 

localhost ~ # openssl ecparam -name secp256k1 -param_enc explicit -text -out ec_param.pem
localhost ~ # cat ec_param.pem 
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (uncompressed):
    04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
    0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
    8f:fb:10:d4:b8
Order: 
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
localhost ~ # openssl ecparam -in ec_param.pem -out ec_param_x.pem -conv_form compressed
localhost ~ # cat ec_param_x.pem 
-----BEGIN EC PARAMETERS-----
MIGCAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBCECeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5gC
IQD////////////////////+uq7c5q9IoDu/0l6M0DZBQQIBAQ==
-----END EC PARAMETERS-----

 

生成可读形式的参数

 

localhost ~ # openssl ecparam -out secp256k1_test.pem -text -name secp256k1 -param_enc explicit
localhost ~ # cat secp256k1_test.pem 
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (uncompressed):
    04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
    0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
    8f:fb:10:d4:b8
Order: 
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
localhost ~ # openssl ecparam -out secp256k1_test.pem -text -name secp256k1 -param_enc named_curve
localhost ~ # cat secp256k1_test.pem 
ASN1 OID: secp256k1
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----

 

压缩形式的参数结构生成私钥和非压缩形式的参数结构生成私钥

 

localhost ~ # cat ec_param_x.pem 
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (compressed):
    02:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98
Order: 
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)
-----BEGIN EC PARAMETERS-----
MIGCAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBCECeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5gC
IQD////////////////////+uq7c5q9IoDu/0l6M0DZBQQIBAQ==
-----END EC PARAMETERS-----
localhost ~ # cat ec_param.pem 
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (uncompressed):
    04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
    0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
    8f:fb:10:d4:b8
Order: 
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
localhost ~ # openssl ecparam -genkey -in ec_param_x.pem -rand seedfile -param_enc explicit -text -out ec_key_x.pem
32 semi-random bytes loaded
localhost ~ # cat ec_key_x.pem 
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (compressed):
    02:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98
Order: 
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)
-----BEGIN EC PARAMETERS-----
MIGCAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBCECeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5gC
IQD////////////////////+uq7c5q9IoDu/0l6M0DZBQQIBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIHzAgEBBCCSGaTblsjM6/2hJUFzcWid4Jgw7shwz7F1c5rP8S0s+6CBhTCBggIB
ATAsBgcqhkjOPQEBAiEA/////////////////////////////////////v///C8w
BgQBAAQBBwQhAnm+Zn753LusVaBilc6HCwcCm/zbLc4o2VnygVsW+BeYAiEA////
/////////////////rqu3OavSKA7v9JejNA2QUECAQGhRANCAAQcdlQSvn5rjMDk
ckWLF81RTsOWGpB3PmUdxp2zJAkwHOvPP0PNmxRumw2YCoPDyiv6MgUVUDdBs2WX
uqPOnbqS
-----END EC PRIVATE KEY-----
localhost ~ # openssl ecparam -genkey -in ec_param.pem -rand seedfile -param_enc explicit -text -out ec_key.pem
32 semi-random bytes loaded
localhost ~ # cat ec_key.pem 
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (uncompressed):
    04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
    0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
    8f:fb:10:d4:b8
Order: 
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIIBEwIBAQQgA+GW5vk7nn91zx8+x0DudBFy2Pj6I+fpRpOvm286mVeggaUwgaIC
AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv
MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm
o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu
3OavSKA7v9JejNA2QUECAQGhRANCAAQBBXGUyBizP5283AIL7I4Z83YvioD0zyDu
/ZYkNql/K9+RET3+vnClkqHlU1j+L2ZcKMA9nWMXFVUjmuENFHVd
-----END EC PRIVATE KEY-----

 

5) 从私钥生成公钥

openssl ec读写加密(不加密)形式的公钥和私钥信息,也可以用来从私钥计算公钥。

这里主要用从私钥输出公钥的功能:

 

非压缩形式的公钥输出:

localhost ~ # openssl ec -in ec_key.pem -pubout -text -noout

read EC key

Private-Key: (256 bit)

priv:

03:e1:96:e6:f9:3b:9e:7f:75:cf:1f:3e:c7:40:ee:

74:11:72:d8:f8:fa:23:e7:e9:46:93:af:9b:6f:3a:

99:57

pub:

04:01:05:71:94:c8:18:b3:3f:9d:bc:dc:02:0b:ec:

8e:19:f3:76:2f:8a:80:f4:cf:20:ee:fd:96:24:36:

a9:7f:2b:df:91:11:3d:fe:be:70:a5:92:a1:e5:53:

58:fe:2f:66:5c:28:c0:3d:9d:63:17:15:55:23:9a:

e1:0d:14:75:5d

Field Type: prime-field

Prime:

00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:

ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:

ff:fc:2f

A:    0

B:    7 (0x7)

Generator (uncompressed):

04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:

0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:

f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:

0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:

8f:fb:10:d4:b8

Order:

00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:

ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:

36:41:41

Cofactor:  1 (0x1)

 

压缩形式的公钥输出

localhost ~ # openssl ec -in ec_key.pem -conv_form compressed -text -noout

read EC key

Private-Key: (256 bit)

priv:

03:e1:96:e6:f9:3b:9e:7f:75:cf:1f:3e:c7:40:ee:

74:11:72:d8:f8:fa:23:e7:e9:46:93:af:9b:6f:3a:

99:57

pub:

03:01:05:71:94:c8:18:b3:3f:9d:bc:dc:02:0b:ec:

8e:19:f3:76:2f:8a:80:f4:cf:20:ee:fd:96:24:36:

a9:7f:2b

Field Type: prime-field

Prime:

00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:

ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:

ff:fc:2f

A:    0

B:    7 (0x7)

Generator (compressed):

02:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:

0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:

f8:17:98

Order:

00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:

ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:

36:41:41

Cofactor:  1 (0x1)

 

输出到文件:

 

localhost ~ # openssl ec -in ec_key.pem -pubout -out ec_pubkey.pem             
read EC key
writing EC key
localhost ~ # cat ec_pubkey.pem 
-----BEGIN PUBLIC KEY-----
MIH1MIGuBgcqhkjOPQIBMIGiAgEBMCwGByqGSM49AQECIQD/////////////////
///////////////////+///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb
/NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIh
AP////////////////////66rtzmr0igO7/SXozQNkFBAgEBA0IABAEFcZTIGLM/
nbzcAgvsjhnzdi+KgPTPIO79liQ2qX8r35ERPf6+cKWSoeVTWP4vZlwowD2dYxcV
VSOa4Q0UdV0=
-----END PUBLIC KEY-----
localhost ~ # openssl ec -in ec_key.pem -pubout -text -out ec_pubkey.pem
read EC key
writing EC key
localhost ~ # cat ec_pubkey.pem 
Private-Key: (256 bit)
priv:
    03:e1:96:e6:f9:3b:9e:7f:75:cf:1f:3e:c7:40:ee:
    74:11:72:d8:f8:fa:23:e7:e9:46:93:af:9b:6f:3a:
    99:57
pub: 
    04:01:05:71:94:c8:18:b3:3f:9d:bc:dc:02:0b:ec:
    8e:19:f3:76:2f:8a:80:f4:cf:20:ee:fd:96:24:36:
    a9:7f:2b:df:91:11:3d:fe:be:70:a5:92:a1:e5:53:
    58:fe:2f:66:5c:28:c0:3d:9d:63:17:15:55:23:9a:
    e1:0d:14:75:5d
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (uncompressed):
    04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
    0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
    8f:fb:10:d4:b8
Order: 
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)
-----BEGIN PUBLIC KEY-----
MIH1MIGuBgcqhkjOPQIBMIGiAgEBMCwGByqGSM49AQECIQD/////////////////
///////////////////+///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb
/NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIh
AP////////////////////66rtzmr0igO7/SXozQNkFBAgEBA0IABAEFcZTIGLM/
nbzcAgvsjhnzdi+KgPTPIO79liQ2qX8r35ERPf6+cKWSoeVTWP4vZlwowD2dYxcV
VSOa4Q0UdV0=
-----END PUBLIC KEY-----

 

参考:

https://en.bitcoin.it/wiki/Secp256k1

 

Secp256k1

This is a graph of secp256k1's elliptic curve y2 = x3 + 7 over the real numbers. Note that because secp256k1 is actually defined over the field Zp, its
graph will in reality look like random scattered points, not anything like this.

secp256k1 refers to the parameters of the ECDSA curve
used in Bitcoin, and is defined in Standards for Efficient Cryptography (SEC) (Certicom Research, http://www.secg.org/collateral/sec2_final.pdf).

secp256k1 was almost never used before Bitcoin became popular, but it is now gaining in popularity due to its several nice properties. Most commonly-used curves have a random structure, but secp256k1 was constructed
in a special non-random way which allows for especially efficient computation. As a result, it is often more than 30% faster than other curves if the implementation is sufficiently optimized. Also, unlike the popular NIST curves, secp256k1's constants were
selected in a predictable way, which significantly reduces the possibility that the curve's creator inserted any sort of backdoor into the curve.

Technical details

As excerpted from Standards:

The elliptic curve domain parameters over Fp associated with a Koblitz curve secp256k1 are specified by the sextuple T = (p,a,b,G,n,h) where the finite field
Fp is defined by:

  • p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F
  • = 2256 - 232 - 29 - 28 - 27 - 26 -
    24 - 1

The curve Ey2 = x3+ax+b over Fp is defined by:

  • a = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
  • b = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000007

The base point G in compressed form is:

  • G = 02 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798

and in uncompressed form is:

  • G = 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8

Finally the order n of G and the cofactor are:

  • n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141
  • h = 01

 

Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (uncompressed):
    04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
    0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
    8f:fb:10:d4:b8
Order:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)
-----BEGIN EC PARAMETERS-----
MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+
///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI
Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP//////////////////
//66rtzmr0igO7/SXozQNkFBAgEB
-----END EC PARAMETERS-----

 

PER/DER编码参考

 

 

椭圆曲线私钥格式定义

 


 

3. Elliptic Curve Private Key Format

This section gives the syntax for an EC private key. Computationally, an EC private key is an unsigned integer, but for representation, EC private key information SHALL have ASN.1 type ECPrivateKey: ECPrivateKey ::= SEQUENCE { version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), privateKey OCTET STRING, parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, publicKey [1] BIT STRING OPTIONAL }   格式分析:  

localhost ~ # cat ec_key.pem 
-----BEGIN EC PRIVATE KEY-----
MIIBEwIBAQQgA+GW5vk7nn91zx8+x0DudBFy2Pj6I+fpRpOvm286mVeggaUwgaIC
AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv
MAYEAQAEAQcEQQR5vmZ++dy7rFWgYpXOhwsHApv82y3OKNlZ8oFbFvgXmEg62ncm
o8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA/////////////////////rqu
3OavSKA7v9JejNA2QUECAQGhRANCAAQBBXGUyBizP5283AIL7I4Z83YvioD0zyDu
/ZYkNql/K9+RET3+vnClkqHlU1j+L2ZcKMA9nWMXFVUjmuENFHVd
-----END EC PRIVATE KEY-----

// 可读形式的私钥
localhost ~ # openssl ec -in ec_key.pem -noout -text          
read EC key
Private-Key: (256 bit)
priv:
    03:e1:96:e6:f9:3b:9e:7f:75:cf:1f:3e:c7:40:ee:
    74:11:72:d8:f8:fa:23:e7:e9:46:93:af:9b:6f:3a:
    99:57
pub: 
    04:01:05:71:94:c8:18:b3:3f:9d:bc:dc:02:0b:ec:
    8e:19:f3:76:2f:8a:80:f4:cf:20:ee:fd:96:24:36:
    a9:7f:2b:df:91:11:3d:fe:be:70:a5:92:a1:e5:53:
    58:fe:2f:66:5c:28:c0:3d:9d:63:17:15:55:23:9a:
    e1:0d:14:75:5d
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
    ff:fc:2f
A:    0
B:    7 (0x7)
Generator (uncompressed):
    04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
    0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
    f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
    0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
    8f:fb:10:d4:b8
Order: 
    00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
    36:41:41
Cofactor:  1 (0x1)

//二进制形式的私钥(DER编码)
localhost ~ # hexdump -C ec_key.der 
00000000  30 82 01 13 02 01 01 04  20
                                     [03 e1 96 e6 f9 3b 9e  |0....... .....;.|
00000010  7f 75 cf 1f 3e c7 40 ee  74 11 72 d8 f8 fa 23 e7  |.u..>.@.t.r...#.|
00000020  e9 46 93 af 9b 6f 3a 99  57]//===>私钥
                                      a0 81 a5
                                              [30 81 a2 02  |.F...o:.W...0...|
00000030  01 01 30 2c 06 07 2a 86  48 ce 3d 01 01 02 21 00  |..0,..*.H.=...!.|
00000040  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
00000050  ff ff ff ff ff ff ff ff  ff ff ff fe ff ff fc 2f  |.............../|
00000060  30 06 04 01 00 04 01 07  04 41 04 79 be 66 7e f9  |0........A.y.f~.|
00000070  dc bb ac 55 a0 62 95 ce  87 0b 07 02 9b fc db 2d  |...U.b.........-|
00000080  ce 28 d9 59 f2 81 5b 16  f8 17 98 48 3a da 77 26  |.(.Y..[....H:.w&|
00000090  a3 c4 65 5d a4 fb fc 0e  11 08 a8 fd 17 b4 48 a6  |..e]..........H.|
000000a0  85 54 19 9c 47 d0 8f fb  10 d4 b8 02 21 00 ff ff  |.T..G.......!...|
000000b0  ff ff ff ff ff ff ff ff  ff ff ff ff ff fe ba ae  |................|
000000c0  dc e6 af 48 a0 3b bf d2  5e 8c d0 36 41 41 02 01  |...H.;..^..6AA..|
000000d0  01]//===>参数
             a1 44 03 42 00
                           [04 01  05 71 94 c8 18 b3 3f 9d  |..D.B....q....?.|
000000e0  bc dc 02 0b ec 8e 19 f3  76 2f 8a 80 f4 cf 20 ee  |........v/.... .|
000000f0  fd 96 24 36 a9 7f 2b df  91 11 3d fe be 70 a5 92  |..$6..+...=..p..|
00000100  a1 e5 53 58 fe 2f 66 5c  28 c0 3d 9d 63 17 15 55  |..SX./f\(.=.c..U|
00000110  23 9a e1 0d 14 75 5d]//===>公钥                   |#....u]|
00000117

//椭圆曲线secp256k1六元组定义(p,a,b,G,n,h)
localhost ~ # hexdump -C ec_param.der 
00000000  30 81 a2 02 01 01 30 2c  06 07 2a 86 48 ce 3d 01  |0.....0,..*.H.=.|
00000010  01 02 21 00
                     [ff ff ff ff  ff ff ff ff ff ff ff ff  |..!.............|
00000020  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff fe  |................|
00000030  ff ff fc 2f]//===> p值
                      30 06 04 01  00 04 01 07 04 41
                                                    [04 79  |.../0........A.y|
00000040  be 66 7e f9 dc bb ac 55  a0 62 95 ce 87 0b 07 02  |.f~....U.b......|
00000050  9b fc db 2d ce 28 d9 59  f2 81 5b 16 f8 17 98 48  |...-.(.Y..[....H|
00000060  3a da 77 26 a3 c4 65 5d  a4 fb fc 0e 11 08 a8 fd  |:.w&..e]........|
00000070  17 b4 48 a6 85 54 19 9c  47 d0 8f fb 10 d4 b8]//===>G点
                                                        02  |..H..T..G.......|
00000080  21 00
               [ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |!...............|
00000090  ff fe ba ae dc e6 af 48  a0 3b bf d2 5e 8c d0 36  |.......H.;..^..6|
000000a0  41 41]//===>n值
                02 01 01                                    |AA...|
000000a5

// 公钥
localhost ~ # hexdump -C pubkey.der 
00000000  30 81 f5 30 81 ae 06 07  2a 86 48 ce 3d 02 01 30  |0..0....*.H.=..0|
00000010  81 a2 02 01 01 30 2c 06  07 2a 86 48 ce 3d 01 01  |.....0,..*.H.=..|
00000020  02 21 00 ff ff ff ff ff  ff ff ff ff ff ff ff ff  |.!..............|
00000030  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff fe ff  |................|
00000040  ff fc 2f 30 06 04 01 00  04 01 07 04 41 04 79 be  |../0........A.y.|
00000050  66 7e f9 dc bb ac 55 a0  62 95 ce 87 0b 07 02 9b  |f~....U.b.......|
00000060  fc db 2d ce 28 d9 59 f2  81 5b 16 f8 17 98 48 3a  |..-.(.Y..[....H:|
00000070  da 77 26 a3 c4 65 5d a4  fb fc 0e 11 08 a8 fd 17  |.w&..e].........|
00000080  b4 48 a6 85 54 19 9c 47  d0 8f fb 10 d4 b8 02 21  |.H..T..G.......!|
00000090  00 ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
000000a0  fe ba ae dc e6 af 48 a0  3b bf d2 5e 8c d0 36 41  |......H.;..^..6A|
000000b0  41 02 01 01 03 42 00 
                              [04  01 05 71 94 c8 18 b3 3f  |A....B....q....?|
000000c0  9d bc dc 02 0b ec 8e 19  f3 76 2f 8a 80 f4 cf 20  |.........v/.... |
000000d0  ee fd 96 24 36 a9 7f 2b  df 91 11 3d fe be 70 a5  |...$6..+...=..p.|
000000e0  92 a1 e5 53 58 fe 2f 66  5c 28 c0 3d 9d 63 17 15  |...SX./f\(.=.c..|
000000f0  55 23 9a e1 0d 14 75 5d]//===>实际上公钥在这里    |U#....u]|
000000f8

参考:

DER编码规范
via:http://blog.csdn.net/hacode/article/details/39396659

Archives