Generate ECDSA Key Pair

NOTE: Contact Quadrata via email to request submission of a new public key.

You can find examples below describing how to generate a public and private key pair.

The keys generated from these commands are DER keys and will be in binary format. You will need to convert them to base64.

$ cat privkey.der | base64
$ cat pubkey.der | base64

Generate an ECDSA key pair with NodeJS

const buffer = require('buffer');
const crypto = require('crypto');

async function createEcdsaKeyPair() {	
    const keyPair = await crypto.subtle.generateKey(
        {
            name: 'ECDSA',
            namedCurve: 'P-256',
        },
        true,
        ['sign', 'verify'],
    );

    const publicKey = await crypto.subtle.exportKey('spki', keyPair.publicKey)
        .then((key) => {
            const publicKeyDer = String.fromCharCode
                .apply(null, new Uint8Array(key));
            const publicKey = Buffer.from(publicKeyDer, 'binary')
                .toString('base64');
            return publicKey;
        }
    );

    const privateKey = await crypto.subtle.exportKey('pkcs8', keyPair.privateKey)
        .then((key) => {
            const privateKeyDer = String.fromCharCode
                .apply(null, new Uint8Array(key));
            const privateKey = Buffer.from(privateKeyDer, 'binary')
                .toString('base64');
            return privateKey;
        }
    );

    return { publicKey, privateKey };
}

Generate an ECDSA key pair with Python

from base64 import b64encode
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec

def create_key_pair(password=None):
    private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
    return (
        private_key.private_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.BestAvailableEncryption(bytes(password))
            if password is not None
            else serialization.NoEncryption()
        ),
        private_key.public_key().public_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PublicFormat.SubjectPublicKeyInfo,
        ),
    )

private_key, public_key = create_key_pair()

print(f'private key: {b64encode(private_key).decode()}')
print(f'public key: {b64encode(public_key).decode()}')

PreviousFull Example NextAPI Get Privacy Permissions

Last updated 2 months ago