You can find examples below describing how to generate a public and private key pair.
Command Line: OpenSSL NodeJS: SubtleCrypto Python
Generate an ECDSA DER key pair on the command line using OpenSSL
1) Generate a new private key and output to file as a PEM.
Copy openssl ecparam -name prime256v1 -genkey -noout -out privkey.pem
2) Using your private key PEM, generate a private key DER and output to file.
Copy openssl pkcs8 -topk8 -inform PEM -outform DER -in privkey.pem -out privkey.der -nocrypt
3) Using your private key DER, generate a public key DER and output to file.
Copy openssl ec -inform der -in privkey.der -pubout -outform der -out pubkey.der
Copy $ cat privkey.der | base64
$ cat pubkey.der | base64
Generate an ECDSA key pair with NodeJS
Copy const buffer = require('buffer');
const crypto = require('crypto');
async function createEcdsaKeyPair() {
const keyPair = await crypto.subtle.generateKey(
{
name: 'ECDSA',
namedCurve: 'P-256',
},
true,
['sign', 'verify'],
);
const publicKey = await crypto.subtle.exportKey('spki', keyPair.publicKey)
.then((key) => {
const publicKeyDer = String.fromCharCode
.apply(null, new Uint8Array(key));
const publicKey = Buffer.from(publicKeyDer, 'binary')
.toString('base64');
return publicKey;
}
);
const privateKey = await crypto.subtle.exportKey('pkcs8', keyPair.privateKey)
.then((key) => {
const privateKeyDer = String.fromCharCode
.apply(null, new Uint8Array(key));
const privateKey = Buffer.from(privateKeyDer, 'binary')
.toString('base64');
return privateKey;
}
);
return { publicKey, privateKey };
}
Generate an ECDSA key pair with Python
Copy from base64 import b64encode
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
def create_key_pair(password=None):
private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
return (
private_key.private_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.BestAvailableEncryption(bytes(password))
if password is not None
else serialization.NoEncryption()
),
private_key.public_key().public_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PublicFormat.SubjectPublicKeyInfo,
),
)
private_key, public_key = create_key_pair()
print(f'private key: {b64encode(private_key).decode()}')
print(f'public key: {b64encode(public_key).decode()}')