Chapter 7 Public-Key Operations 271
Performing Elliptic Curve Operations
Retrieving an Elliptic Curve Key
If you need to store or transport information about your elliptic curve keys, you need
to be able to retrieve the key information from an algorithm object. This section
outlines the steps needed to retrieve information for a public key. The steps for
retrieving a private key are similar.
Call B_GetKeyInfo with the appropriate KI. The Reference Manual describes two KIs
for use with elliptic curve public keys: KI_ECPublic and KI_ECPublicComponent.
However, KI_ECPublicComponent does not supply the elliptic curve parameters, which
must be associated with any elliptic curve key. You can therefore use
KI_ECPublicComponent only if the public component is all you need, for example, if
you have already retrieved the appropriate EC parameters. This example uses
KI_ECPublic.
KI_ECPublic gives a pointer to an A_EC_PUBLIC_KEY structure:

    typedef struct {
      ITEM publicKey;          /* public component */
      A_EC_PARAMS curveParams; /* the underlying elliptic curve parameters */
    } A_EC_PUBLIC_KEY;

After you have your public key information in the key object publicKey, make a call to
B_GetKeyInfo. See "Generating an Elliptic Curve Key Pair" on page 268 for more
information:

    A_EC_PUBLIC_KEY *cryptocPublicKeyInfo;

    /* Retrieve the public component and curve parameters from the key object */
    if ((status = B_GetKeyInfo((POINTER *)&cryptocPublicKeyInfo,
                               publicKey, KI_ECPublic)) != 0)
      break;

    /* Destroy the algorithm and key objects when you are done with them */
    B_DestroyAlgorithmObject(&ecKeyGen);
    B_DestroyAlgorithmObject(&randomAlgorithm);
    B_DestroyKeyObject(&publicKey);
    B_DestroyKeyObject(&privateKey);