Generate ECDSA Key Pair

NOTE: Contact Quadrata via email to request submission of a new public key.

You can find examples below describing how to generate a public and private key pair.

Generate an ECDSA DER key pair on the command line using OpenSSL

1) Generate a new private key and output to file as a PEM.

openssl ecparam -name prime256v1 -genkey -noout -out privkey.pem

2) Using your private key PEM, generate a private key DER and output to file.

openssl pkcs8 -topk8 -inform PEM -outform DER -in privkey.pem -out privkey.der -nocrypt

3) Using your private key DER, generate a public key DER and output to file.

openssl ec -inform der -in privkey.der -pubout -outform der -out pubkey.der

The keys generated from these commands, stored at privkey.der and pubkey.der are DER keys and will be in binary format. You will need to convert them to base64.

$ cat privkey.der | base64
$ cat pubkey.der | base64

Generate an ECDSA key pair with NodeJS

const buffer = require('buffer');
const crypto = require('crypto');

async function createEcdsaKeyPair() {	
    const keyPair = await crypto.subtle.generateKey(
        {
            name: 'ECDSA',
            namedCurve: 'P-256',
        },
        true,
        ['sign', 'verify'],
    );

    const publicKey = await crypto.subtle.exportKey('spki', keyPair.publicKey)
        .then((key) => {
            const publicKeyDer = String.fromCharCode
                .apply(null, new Uint8Array(key));
            const publicKey = Buffer.from(publicKeyDer, 'binary')
                .toString('base64');
            return publicKey;
        }
    );

    const privateKey = await crypto.subtle.exportKey('pkcs8', keyPair.privateKey)
        .then((key) => {
            const privateKeyDer = String.fromCharCode
                .apply(null, new Uint8Array(key));
            const privateKey = Buffer.from(privateKeyDer, 'binary')
                .toString('base64');
            return privateKey;
        }
    );

    return { publicKey, privateKey };
}

Generate an ECDSA key pair with Python

from base64 import b64encode
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec

def create_key_pair(password=None):
    private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
    return (
        private_key.private_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.BestAvailableEncryption(bytes(password))
            if password is not None
            else serialization.NoEncryption()
        ),
        private_key.public_key().public_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PublicFormat.SubjectPublicKeyInfo,
        ),
    )

private_key, public_key = create_key_pair()

print(f'private key: {b64encode(private_key).decode()}')
print(f'public key: {b64encode(public_key).decode()}')

PreviousFull Example NextAPI Get Privacy Permissions

Last updated 5 months ago