Generate public key from 256 bit private key

[Aefan]

Hi,

i want to build an PHP class with some bitcoin tools for generating a bitcoin address, a WIF key compressed and uncompressed or something else.
i've generated keys with http://brainwallet.org/#generator to test my functions. everything is ok.

now i want to create a public and private key by myself using OpenSSL for windows.
i know that i can generate an EC private key with the following commands:

Code:

openssl ecparam -name secp256k1 -noout -genkey -out key.pem
openssl ec -outform DER -in key.pem -out key.der

private key is starting at byte 9 and length is 32 bytes
public key are the last 65 bytes of the EC private key.
everything works fine and correct.

but now i want to generate a public key just from the 32 byte private key without the whole EC private key "overhead".
it seems to be possible because http://brainwallet.org/#generator do it (private key as hex string in secret exponent).
how can i do this with OpenSSL? is there an easy way to do this?

thx

[fbueller]

https://github.com/Bit-Wasp/bitcoin-lib-php hope this helps! It requires the php5-gmp extension, and uses Mathyas Danthers PHP ECC library.

[kjj]

Unless something has changed in very recent versions of openssl, your options are limited to creating new keypairs, or importing a privkey in certificate form.  And I'm actually not positive about the second one.

One way or another, you'll need to install something else.

[TMorita]

The whole point of public key encryption is you cannot generate a public key from a private key, and vice versa.

Toshi

[DannyHamilton]

The whole point of public key encryption is you cannot generate a public key from a private key, and vice versa.

Toshi

Where did you get an idea like that?

Public keys can always be generated from a private key.

[TMorita]

The whole point of public key encryption is you cannot generate a public key from a private key, and vice versa.

Toshi

Where did you get an idea like that?

Public keys can always be generated from a private key (although apparently you need some tool other than openssl).

This doesn't sound right.

AFAIK a public-key encryption algorithm relies on two keys: a private key and a public key.

Messages encoded using the private key can be decoded using the public key, and vice versa.

Therefore, PKE can be used for authentication because one can prove one owns the private key matching a certain public key without disclosing the private key itself.

If a private key corresponding to a public key can be generated arbitrarily, then this allows impersonation.

Toshi

[DannyHamilton]

This doesn't sound right.

AFAIK a public-key encryption algorithm relies on two keys: a private key and a public key.

Bitcoin uses an eliptic curve digital signature algorithm (ECDSA), not encryption, to protect the bitcoins.

Messages encoded using the private key can be decoded using the public key, and vice versa.

Signatures created with the private key can be verified with the public key.  Signatures are not created with the public key.

Therefore, PKE can be used for authentication because one can prove one owns the private key matching a certain public key without disclosing the private key itself.

Correct.  The signature is provided.  The signature is verified with the public key (which is disclosed).

If a private key corresponding to a public key can be generated arbitrarily, then this allows impersonation.

Correct.  It is not possible to generate a private key corresponding to a public key.

It is, however, possible to generate a public key corresponding to a private key (which is what the OP asked, and what I already explained).



ECDSA is a digital signature algorithm.

The public key is provided to EVERYBODY.  It is PUBLIC.

The signature is created with the private key, and verified with the public key.

Therefore, impersonation is not possible unless you have the private key to create the signature (which is why it is very important to protect the private key).

There is a mathematical relationship between the private key and the public key.

It is relatively fast and easy for a computer to generate the public key if you have the private key. This means the owner of the private key doesn't need to keep a copy of the public key, they can regenerate it anytime they want as long as they have a copy of the private key.

There is currently no known way to calculate a private key if you have the public key.  This means the owner of the private key can give out the public key without any concern about anyone figuring out what the private key is.

[Aefan]

The whole point of public key encryption is you cannot generate a public key from a private key, and vice versa.

That's wrong Of course you can generate a public key from a private key. that's a basic function of a key pair cryptography. that is what SSL/TLS do in a HTTPS communication for example.
if you have a private RSA key, you can generate a public key with PuTTYgen from it. you got a public key generated from the private key. you can not decrypt any encrypted data with the public key, but with the private key.

@fbueller:
thank you very much the lib is using an ECC-lib for generating an private key and a public key from it. that's exactly what i want and it works

@kjj:
the problem is that i cannot build an private certificate with the private key. i need the public key for that. without the public key openssl will not generate a public key... that's an paradoxon

@Wolf0:
mhh my C skills are very limited. don't know how to compile and use it. is there a compiled executable for windows?

[kjj]

Nitpick: In the case of RSA, a general number field sieve will do it. Although, it will take thousands of years for large keys.

Nitpick 1: that's a search, not a calculation.
Nitpick 2: searching for the keys we use would take billions of years.

[DeathAndTaxes]

OpenSSL is probably not the best tool.  The issue is there is no parameter for "just give me the raw private key and compressed public key in hex format.

Here is the closest I have found

Code:

C:\OpenSSL-Win64\bin>openssl ecparam -name secp256k1 -genkey -noout -outform DER -out e:\priv.der
Loading 'screen' into random state - done

C:\OpenSSL-Win64\bin>openssl ec -conv_form compressed -inform DER -in e:\priv.der -text -noout
read EC key

Private-Key: (256 bit)
priv:
    00:f3:30:10:43:d3:aa:3e:ba:c9:c3:3e:ba:74:7f:
    be:6f:05:7e:2e:01:b0:1c:c8:c9:d3:ac:86:59:c4:
    63:f1:3d
pub: 
    03:a0:3b:51:eb:dc:99:50:c6:76:7e:c9:5b:43:fd:
    73:4b:50:ed:48:2e:98:4a:28:09:8f:c2:bc:17:c9:
    4e:2b:fe
ASN1 OID: secp256k1

If you need it output to a file you can use a pipe output like

Code:

C:\OpenSSL-Win64\bin>openssl ec -conv_form compressed -inform DER -in e:\priv.der -text -noout > e:\keypair.der
read EC key

The prior screen output will be redirected to the file.  You are still going to need to do some parsing but it should be cleaner.  One thing to watch for is there is a leading zero 0x00 before the private key (not it is 66 hex values not 64).

Also I was having some issues verifying output using brainwallet.  It wouldn't accept some keys despite being valid (might be a browser issue) and I don't like how it will replace outputs when you click in an attempt to refresh.  I would recommend using bitaddresses.org instead (use the wallet detail tab).

[RoxxR]

Also have a look at this:
https://bitcointalk.org/index.php?topic=424691.60