Why does the CSR contain an explicit curve when the private key is generated with genpkey?

2

When I generated the SSL key using ecparam, I got a CSR with a named curve:

$ openssl ecparam -genkey -out ecparam.key -name prime256v1
$ openssl req -new -sha256 -key ecparam.key -out ecparam.csr -subj "/CN=Test"
$ openssl req -text -in ecparam.csr 
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=Test
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:c0:10:c0:d2:8a:5d:f3:05:84:94:a5:23:1b:59:
                    35:20:b8:5f:e9:b1:f2:6b:83:15:59:3f:75:93:6b:
                    b6:a5:ce:16:19:04:9d:18:0d:8d:bb:db:2a:2c:e2:
                    05:c1:58:46:42:18:19:7a:c5:71:48:ec:54:a2:2d:
                    4d:6a:e3:14:23
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        Attributes:
            a0:00
    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:93:1a:fe:90:c7:29:07:d2:b4:c7:c3:b2:fe:
         dc:6a:bf:62:4b:88:4a:98:3f:30:e7:b0:62:55:62:6c:d9:b3:
         bc:02:21:00:a0:3c:2f:1d:c8:28:72:bf:9c:8d:51:87:80:a4:
         a0:17:7c:e8:17:60:63:8f:ea:21:ce:53:af:65:ee:80:25:d0
-----BEGIN CERTIFICATE REQUEST-----
MIHKMHECAQAwDzENMAsGA1UEAwwEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABMAQwNKKXfMFhJSlIxtZNSC4X+mx8muDFVk/dZNrtqXOFhkEnRgNjbvbKizi
BcFYRkIYGXrFcUjsVKItTWrjFCOgADAKBggqhkjOPQQDAgNJADBGAiEAkxr+kMcp
B9K0x8Oy/txqv2JLiEqYPzDnsGJVYmzZs7wCIQCgPC8dyChyv5yNUYeApKAXfOgX
YGOP6iHOU69l7oAl0A==
-----END CERTIFICATE REQUEST-----

However, if I generate the key using genpkey (or req), my CSR now has an explicit curve:

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out genpkey.key
$ openssl req -new -sha256 -key genpkey.key -out genpkey.csr -subj "/CN=Test"
$ openssl req -text -in genpkey.csr 
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=Test
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:86:e1:af:90:3d:76:d9:2f:9d:bc:ca:5a:80:0a:
                    fc:6f:a7:75:29:26:5b:60:65:fd:3f:74:b4:5b:09:
                    27:0f:da:45:48:21:46:b4:16:a4:52:0e:c1:97:b4:
                    71:3a:5b:dc:6d:6e:aa:33:81:7b:cb:bd:78:18:6a:
                    62:fa:bf:8f:d3
                Field Type: prime-field
                Prime:
                    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                    ff:ff:ff
                A:   
                    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                    ff:ff:fc
                B:   
                    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
                    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
                    60:4b
                Generator (uncompressed):
                    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
                    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
                    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
                    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
                    68:37:bf:51:f5
                Order: 
                    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
                    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
                    63:25:51
                Cofactor:  1 (0x1)
                Seed:
                    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
                    b7:81:9f:7e:90
        Attributes:
            a0:00
    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:99:a4:3c:85:cb:f0:b0:f5:10:6e:ff:9a:2b:
         9b:81:3a:35:d2:5d:eb:cc:da:26:16:bb:95:ff:bc:b9:3a:06:
         dc:02:21:00:ea:71:91:fb:87:de:49:87:be:8e:84:da:0f:3f:
         33:bf:e4:48:d6:eb:09:99:81:07:e3:39:f3:83:7c:96:b1:e6
-----BEGIN CERTIFICATE REQUEST-----
[...]
-----END CERTIFICATE REQUEST-----
  1. What am I missing here? Why doesn't OpenSSL create a CSR with the named curve when using genpkey / req?
  2. Is there any reason why I should generate a CSR with a named or an explicit curve? And why?
asked by Lie Ryan 20.01.2017 - 12:31

1 answer

2

Inconsistent defaults

Re. 2.

Re. 2: I don't know. But it seems wrong to hand over a named curve explicitly and have the other end work out "Hey! That's actually one of the named curves I support!"

The OpenSSL Wiki says this (line breaks mine):

    Parameter and key files can be generated to include the full explicit parameters instead of just the name of the curve, if desired.

    This might be important if, for example, not all the target systems know the details of the named curve. In OpenSSL version 1.0.2 new named curves have been added, such as brainpool512t1. Attempting to use a parameter file or key file in versions of OpenSSL lower than 1.0.2 with this curve will result in an error: [...]

Re. 1.

Re. 1: This has nothing to do with the CSR. It is already in the keys. "ecparam" defaults to "named_curve". And "genpkey" defaults to "explicit". I don't know why they programmed it that way.

Example below.

With the option -pkeyopt ec_param_enc:explicit:

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:explicit  -text
-----BEGIN PRIVATE KEY-----
MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQg1Hq9Di0uUkZe
J3CTZQzbO8hK+MsJDYFmimsQ9azcCYOhRANCAATrVc+UPOnoZBzs16PiscXKLZzI
Muu342nf1iRBgZbHrsrFptxEnQBpTQV/Vj4EWYHwtzpt6pJmuvaDpcZg3MYE
-----END PRIVATE KEY-----
Private-Key: (256 bit)
priv:
    00:d4:7a:bd:0e:2d:2e:52:46:5e:27:70:93:65:0c:
    db:3b:c8:4a:f8:cb:09:0d:81:66:8a:6b:10:f5:ac:
    dc:09:83
pub:
    04:eb:55:cf:94:3c:e9:e8:64:1c:ec:d7:a3:e2:b1:
    c5:ca:2d:9c:c8:32:eb:b7:e3:69:df:d6:24:41:81:
    96:c7:ae:ca:c5:a6:dc:44:9d:00:69:4d:05:7f:56:
    3e:04:59:81:f0:b7:3a:6d:ea:92:66:ba:f6:83:a5:
    c6:60:dc:c6:04
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)
Seed:
    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
    b7:81:9f:7e:90

With the option -pkeyopt ec_param_enc:named_curve:

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:named_curve  -text
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglWEHQsiU1JdAQx09
r7JE/al6b0ldLUjTrBA6vbfH62WhRANCAASSoDWvKLeEbfuye3qJXxV1bcGwgVGz
FkCn3PE77MDiHukhX1SOI3nbtOISC2kvEEVa7l4MiN1u25y/S5avjLow
-----END PRIVATE KEY-----
Private-Key: (256 bit)
priv:
    00:95:61:07:42:c8:94:d4:97:40:43:1d:3d:af:b2:
    44:fd:a9:7a:6f:49:5d:2d:48:d3:ac:10:3a:bd:b7:
    c7:eb:65
pub:
    04:92:a0:35:af:28:b7:84:6d:fb:b2:7b:7a:89:5f:
    15:75:6d:c1:b0:81:51:b3:16:40:a7:dc:f1:3b:ec:
    c0:e2:1e:e9:21:5f:54:8e:23:79:db:b4:e2:12:0b:
    69:2f:10:45:5a:ee:5e:0c:88:dd:6e:db:9c:bf:4b:
    96:af:8c:ba:30
ASN1 OID: prime256v1
NIST CURVE: P-256

Without this option, the default is to use explicit:

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -text
-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----
Private-Key: (256 bit)
priv:
    00:f0:03:e5:ae:98:f0:90:ad:63:ee:ef:1d:2c:5c:
    68:64:84:44:b1:e1:08:ea:8c:62:81:27:af:71:0e:
    5d:34:3d
pub:
    04:42:09:01:5a:f0:3a:ac:c4:60:d4:b7:82:c3:80:
    47:e6:b3:b9:8a:ce:1b:a8:82:a7:36:d4:6d:a1:3c:
    51:c1:72:42:08:43:b4:f5:95:3e:b0:d9:63:41:4a:
    cc:3f:51:3e:0b:75:6d:3d:0a:1d:86:00:68:d4:69:
    b3:01:de:ca:84
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)
Seed:
    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
    b7:81:9f:7e:90

And with ecparam, the defaults are the other way round.

With the option -param_enc explicit:

$ openssl ecparam -genkey -name prime256v1 -param_enc explicit -text
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)
Seed:
    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
    b7:81:9f:7e:90
-----BEGIN EC PARAMETERS-----
MIH3AgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP//////////
/////zBbBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6
k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsDFQDEnTYIhucEk2pmeOETnSa3gZ9+
kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLeszoPShOUXYmMKWT+NC4v4af5uO5+tK
fA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////AAAAAP//////////vOb6racXnoTz
ucrC/GMlUQIBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIIBaAIBAQQghke2GCVyix7oDwB/56PI42fOHb+Jg+i2qM8RkkJsAF+ggfowgfcC
AQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAAAAAA////////////////
MFsEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXYqjqT57Pr
vVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEE
axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54W
K84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8
YyVRAgEBoUQDQgAE6B6QrWh0k+CsBnkrfePLKiD0FblNRlwN+pWWoZ4AVH3/9Px5
C63q9fJ3CZdeo9UlUoGkXqrRqVm1EtUWEHajvg==
-----END EC PRIVATE KEY-----

With the option -param_enc named_curve:

$ openssl ecparam -genkey -name prime256v1 -param_enc named_curve -text
ASN1 OID: prime256v1
NIST CURVE: P-256
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEICAk+gW8qz7TbJ1oIp4BGrvGeX2a/gBM6c8A7LjGTg0poAoGCCqGSM49
AwEHoUQDQgAEIIkICva0uhtISmjyosAa1CJnGhoM3fBaYXNTTH5aPwhLKLTWDDAu
V9W0HKMTtBRh4XonaTE/zDesKwRr2ZQYmw==
-----END EC PRIVATE KEY-----

Without the option, the default is to use named_curve:

$ openssl ecparam -genkey -name prime256v1 -text
ASN1 OID: prime256v1
NIST CURVE: P-256
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIH+E5y6cMaUjbnH4kJLOWDtkQ89vG12Jg7oBmdLvmunNoAoGCCqGSM49
AwEHoUQDQgAEBJE0zr7FZyDoFyUgMmYvsViEYAuVz7uCSzEjVVJs2RRbvFQKa3Gt
RX8wAcgfhK0zeAd4xjLfKJq5YTQm2vZ3vQ==
-----END EC PRIVATE KEY-----
    
answered by StackzOfZtuff 20.01.2017 - 16:10
