Re: openssl making private/public keys for ethereum

Quote from: sunsetblues on March 23, 2018, 09:44:00 AM

Quote from: starmyc on March 23, 2018, 05:56:35 AM

A tricky way to do this is to make use of DER files, and to recreate one to import your key. This is a little hacky, but it works.

This is how I did it in a few minutes:

1/ First, create a private key (you won't use, you just need the file structure) in PEM format:

Code:

$ openssl ecparam -name secp256k1 -genkey -noout > private.key

We could directly create a DER file though, using a -outform DER, by the way.

1 (optional)/ What's cool about DER format is that you can dump in ASN.1 its structure. It is interesting and you should take a look at it:

Code:

$ cat private.key | openssl asn1parse -in - -inform DER
   0:d=0 hl=2 l= 116 cons: SEQUENCE
   2:d=1 hl=2 l= 1 prim: INTEGER :01
   5:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:BCDA55068C63324BB5CD05696264ED474467A3F1CC95CE83C00BC497F064F4B6
   39:d=1 hl=2 l= 7 cons: cont [ 0 ]
   41:d=2 hl=2 l= 5 prim: OBJECT :secp256k1
   48:d=1 hl=2 l= 68 cons: cont [ 1 ]
   50:d=2 hl=2 l= 66 prim: BIT STRING

2/ From the private.key PEM file, convert it in DER and extract the header, the key, and the footer.

Code:

$ ll private.key
-rw-------. 1 mycroft mycroft 223 Mar 23 06:51 private.key
$ openssl ec -in private.key -outform DER 2>/dev/null|head -c 7 > header.bin
$ openssl ec -in private.key -outform DER 2>/dev/null|tail -c +8|head -c 32 > key.bin
$ openssl ec -in private.key -outform DER 2>/dev/null|tail -c +40 > footer.bin
$ ll *bin
-rw-rw-r--. 1 mycroft mycroft 79 Mar 23 06:53 footer.bin
-rw-rw-r--. 1 mycroft mycroft 7 Mar 23 06:53 header.bin
-rw-rw-r--. 1 mycroft mycroft 32 Mar 23 06:53 key.bin

3/ Replace the key I just created by yours

Code:

$ echo A114dad00000000000faced00000000000bad000000000decaf00c02bad02bad | xxd -r -p > key.bin

4/ Rebuild & check the complete DER file

Code:

$ cat header.bin key.bin footer.bin > private_key.der
$ cat private_key.der | openssl asn1parse -in - -inform DER
   0:d=0 hl=2 l= 116 cons: SEQUENCE
   2:d=1 hl=2 l= 1 prim: INTEGER :01
   5:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:A114DAD00000000000FACED00000000000BAD000000000DECAF00C02BAD02BAD
   39:d=1 hl=2 l= 7 cons: cont [ 0 ]
   41:d=2 hl=2 l= 5 prim: OBJECT :secp256k1
   48:d=1 hl=2 l= 68 cons: cont [ 1 ]
   50:d=2 hl=2 l= 66 prim: BIT STRING

See ? Same structure, different key! Voodoo magic!

5/ recreate your "Key" file:

Code:

$ openssl ec -in private_key.der -inform DER -text -noout
read EC key
Private-Key: (256 bit)
priv:
   a1:14:da:d0:00:00:00:00:00:fa:ce:d0:00:00:00:
   00:00:ba:d0:00:00:00:00:de:ca:f0:0c:02:ba:d0:
   2b:ad
pub:
   04:d5:53:99:c9:4d:1f:1f:7f:f1:5b:c5:13:d1:96:
   34:2b:c8:22:dc:23:9d:f0:55:d6:72:3c:f0:b6:2c:
   c8:20:e8:dd:13:40:4b:3a:0d:e5:64:ce:6a:20:e6:
   23:ee:2a:17:18:23:d0:6f:0b:13:30:4a:d7:f5:2a:
   c2:28:2e:40:33
ASN1 OID: secp256k1

And we're done.

You're a genius starmyc! Thank you for taking the time to explain this it works like a charm... Sent you the only sendable merit I had. ;0)

Well heck this doesn't work as expected. Run the keccak hash on the public key and the address doesn't match the wallet address for the private key according to myetherwallet.com.

cat Key | grep pub -A 5 | tail -n +2 |tr -d '\n[:space:]:' | sed 's/^04//' > pub

cat pub | keccak-256sum -x -l | tr -d ' -' | tail -c 41 > address

Seems the public key produced belongs to the original key file created when this command was ran:
openssl ecparam -name secp256k1 -genkey -noout > private.key

But I'm still going to call you a genius b/c that hack was pretty clever and taught me some things I didn't know. :0)