# Generate ECDSA Key Pair

{% hint style="info" %}
NOTE: Contact Quadrata via [email](mailto:contact@quadrata.com) to request submission of a new public key.
{% endhint %}

{% hint style="success" %}
You can find examples below describing how to generate a public and private key pair.
{% endhint %}

{% tabs %}
{% tab title="Command Line: OpenSSL" %}
Generate an ECDSA DER key pair on the command line using OpenSSL

***

1\) Generate a new private key and output to file as a PEM.

```shell
openssl ecparam -name prime256v1 -genkey -noout -out privkey.pem
```

2\) Using your private key PEM, generate a private key DER and output to file.

```sh
openssl pkcs8 -topk8 -inform PEM -outform DER -in privkey.pem -out privkey.der -nocrypt
```

3\) Using your private key DER, generate a public key DER and output to file.

```sh
openssl ec -inform der -in privkey.der -pubout -outform der -out pubkey.der
```

{% hint style="info" %}
The keys generated from these commands, stored at `privkey.der` and `pubkey.der` are DER keys and will be in binary format. You will need to convert them to base64.
{% endhint %}

```sh
$ cat privkey.der | base64
$ cat pubkey.der | base64
```

{% endtab %}

{% tab title="NodeJS: SubtleCrypto" %}
Generate an ECDSA key pair with NodeJS

```javascript
const buffer = require('buffer');
const crypto = require('crypto');

async function createEcdsaKeyPair() {	
    const keyPair = await crypto.subtle.generateKey(
        {
            name: 'ECDSA',
            namedCurve: 'P-256',
        },
        true,
        ['sign', 'verify'],
    );

    const publicKey = await crypto.subtle.exportKey('spki', keyPair.publicKey)
        .then((key) => {
            const publicKeyDer = String.fromCharCode
                .apply(null, new Uint8Array(key));
            const publicKey = Buffer.from(publicKeyDer, 'binary')
                .toString('base64');
            return publicKey;
        }
    );

    const privateKey = await crypto.subtle.exportKey('pkcs8', keyPair.privateKey)
        .then((key) => {
            const privateKeyDer = String.fromCharCode
                .apply(null, new Uint8Array(key));
            const privateKey = Buffer.from(privateKeyDer, 'binary')
                .toString('base64');
            return privateKey;
        }
    );

    return { publicKey, privateKey };
}
```

{% endtab %}

{% tab title="Python" %}
Generate an ECDSA key pair with Python

```python
from base64 import b64encode
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec

def create_key_pair(password=None):
    private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
    return (
        private_key.private_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.BestAvailableEncryption(bytes(password))
            if password is not None
            else serialization.NoEncryption()
        ),
        private_key.public_key().public_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PublicFormat.SubjectPublicKeyInfo,
        ),
    )

private_key, public_key = create_key_pair()

print(f'private key: {b64encode(private_key).decode()}')
print(f'public key: {b64encode(public_key).decode()}')
```

{% endtab %}
{% endtabs %}