Generate private keys for either ES256, ES384, or ES512

OpenSSLElliptic-Curve CryptographyCryptographic SignaturesECDSA
Table of contents
  • Source

In one of my other notes, I went over how to generate a set of elliptic-curve keypair using OpenSSL.

This note will go over how to generate curves for either ES256, ES384, and ES512.

There is not much to it. You simply need to change one of the parameters for the EC private key generation. The public key generation is exactly the same as the earlier tutorial on how to generate a set of EC keypair.

First, the private key:

# Replace `private.ec.key` with anything you want.
openssl ecparam -name $CURVE -genkey -noout -out private.ec.key

Replace $CURVE with any of the following:


(The above curves to be used are outlined in section 3.1 of RFC 7518.)

Then, to generate the public key:

# Replace `public.pem` with anything that you want.
# Be sure that `private.ec.key` is pointing to the correct private key path.
openssl ec -in private.ec.key -pubout -out public.pem


Want to make your own site like this? Try gatsby-theme-code-notes by Zander Martineau.
Notes on code. My second brain, by Sal Rahman.