x509.ParseECPrivateKey cannot parse ECDSA (256-bit curve) keys generated using openssl ecparams


megha...@gmail.com

Apr 26, 2016, 5:07:15 PM
to golang-nuts
Even though ParseECPrivateKey can parse a key generated via ecdsa.GenerateKey(elliptic.P256(), rand.Reader) with no issues, it fails for me when I feed it with a key generated using

openssl ecparam -name secp256k1 -genkey -out ecdsa_private.pem

This generates a ***********x509: failed to parse EC private key: asn1: structure error: tags don't match (16 vs {class:0 tag:6 length:5 isCompound:false}) {optional:false explicit:false application....

Feeding a key generated using

openssl ecparam -name secp256k1 -genkey -noout -out ecdsa_private_hide_params.pem

gets past the asn1.Unmarshal() stage but fails with a ********* x509: unknown elliptic curve

Any help or information will be much appreciated!

as....@gmail.com

Apr 26, 2016, 10:05:56 PM
to golang-nuts
OpenSSL is generating a Koblitz curve. Golang supports the standard FIPS curves. Try replacing secp256k1 with prime256v1.

adam.w...@gmail.com

Mar 22, 2017, 12:50:59 PM
to golang-nuts
Hi Megha,

Generate the key in DER format instead of PEM.

openssl ecparam -genkey -name secp384r1 -outform der -noout -out key.der

You can then read in the file using ioutil.ReadFile() for instance, and pass the byte slice to x509.ParseECPrivateKey().

Adam

m...@scottgreenup.com

Mar 13, 2018, 2:11:56 AM
to golang-nuts
I wanted to say that this is the correct answer and helped me a lot.
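
Added example, not code from any poster in this thread: the first error in the question reports tag 6 (an ASN.1 OBJECT IDENTIFIER) where a SEQUENCE was expected, which is consistent with handing x509.ParseECPrivateKey the leading "EC PARAMETERS" PEM block that openssl ecparam -genkey writes when -noout is omitted. The sketch below skips that block and parses only "EC PRIVATE KEY"; the names ParseOpenSSLECKey and SamplePEM are hypothetical, and the sample file is constructed in-process with prime256v1 rather than taken from real openssl output.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// ParseOpenSSLECKey returns the key held in the first "EC PRIVATE KEY" PEM
// block, skipping the "EC PARAMETERS" block that openssl writes without -noout.
func ParseOpenSSLECKey(pemBytes []byte) (*ecdsa.PrivateKey, error) {
	for {
		var block *pem.Block
		block, pemBytes = pem.Decode(pemBytes)
		if block == nil {
			return nil, fmt.Errorf("no EC PRIVATE KEY block found")
		}
		if block.Type == "EC PRIVATE KEY" {
			// Unsupported curves (e.g. secp256k1) fail here: "x509: unknown elliptic curve".
			return x509.ParseECPrivateKey(block.Bytes)
		}
	}
}

// SamplePEM builds a constructed two-block file in the layout of
// `openssl ecparam -name prime256v1 -genkey`, using a freshly generated key.
func SamplePEM() ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	// DER encoding of the prime256v1 OID 1.2.840.10045.3.1.7.
	oid := []byte{0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07}
	out := pem.EncodeToMemory(&pem.Block{Type: "EC PARAMETERS", Bytes: oid})
	out = append(out, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der})...)
	return out, key, nil
}

func main() {
	pemBytes, want, _ := SamplePEM()
	got, err := ParseOpenSSLECKey(pemBytes)
	fmt.Println(err == nil && got.Equal(want))
}
```
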