Generate a private key with OpenSSL

Avvrik edited this page Jan 11, 2019 · 3 revisions

To check whether KeyChain adheres to encryption standards, you can decrypt the private key stored in a KeyChain JSON file with the OpenSSL utility.

To illustrate how it works, we shall take a key file from the key_data folder.

Here are the contents of 76de427d42c38be4.json:

{
  "filetype": "TYPE_KEY",
  "keyname": "test1",
  "description": "",
  "keychain_version": "0.9",
  "keyinfo": {
    "format": "FORMAT_ARRAYIO",
    "encrypted": true,
    "curve_type": "secp256k1",
    "priv_key_data": {
      "cipher_type": "aes256",
      "iv": "bb104b287748b6714f543370fc9a4730",
      "enc_data": "0d98d71da8515fca89aac89f8280861fa349169025caed6dbb836e4ba9e184fad298a0238fb38c0a7cf4a38dfd77e783e17d77c6a39ce0f42ecfd35f05269df16d6e67f058cc91b17d02309c0f1f88d4"
    },
    "public_key": "082d578f8b53f7640362bc490d02a5a0fd9a81bd43b600414573cb39bec492e3530679bca49c117b19fd8636a972c11b67235d1bc6dc556f0d5b9fcd140323e0"
  }
}

To get the private key, we use the following command:

openssl enc -nosalt -aes-256-cbc -d -in myBinaryFile -K B5BA77AF1F7BDA735894E746A199ACB1D2C836424DA2FC46BEBB55423DCCBFF8 -iv bb104b287748b6714f543370fc9a4730

Result:

b3d3427eea7867c243baaf2f4c67a9551eea2ea96556acfb0051dffa18d182d4

The command has three parameters: myBinaryFile, -K, and -iv.

  1. myBinaryFile - the binary file that we need to create.

Here is how we can do that. The enc_data value in our JSON file is in hex format. It has to be converted to a binary file.

For example, after saving the enc_data value to 1.txt, we can do that with the xxd utility:

xxd -r -p 1.txt myBinaryFile

  2. -K - the key, derived from the passphrase.

It is the SHA2-512 hash of the passphrase. We take the first half of the hash (the first 64 hex characters).

The passphrase for this key: qwe

Now we are going to use a sha512 hash generating service that you can find here.

Result:

B5BA77AF1F7BDA735894E746A199ACB1D2C836424DA2FC46BEBB55423DCCBFF871877A30FAB77A31E47B0A29EA0154882E532E9A29B220A8F2958773313BBB2A

If we take the first half of the line, we get:

B5BA77AF1F7BDA735894E746A199ACB1D2C836424DA2FC46BEBB55423DCCBFF8

  3. -iv - taken as is from the JSON file.
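
The three steps above as one local script, added here as an example and not KeyChain project code. It derives the -K value with openssl dgst instead of an online hash service, so the passphrase stays on the machine. The function names and the sed-based field extraction are assumptions of this example; the iv and enc_data in the demo are copied from the key file shown on this page.

```shell
#!/bin/sh
# Added example (not KeyChain project code): decrypt priv_key_data from a key file.

# AES-256 key = first 64 hex chars (first half) of SHA-512(passphrase).
derive_key() {
    printf '%s' "$1" | openssl dgst -sha512 -r | cut -c1-64
}

# Pull one hex string field out of the JSON. Assumes one field per line,
# as in the file shown on the page; use a real JSON parser for anything else.
json_hex_field() {
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([0-9a-fA-F]*\)".*/\1/p' "$1" | head -n 1
}

# Hex to raw bytes: xxd -r -p when available, otherwise a printf loop.
hex_to_bin() {
    if command -v xxd >/dev/null 2>&1; then printf '%s' "$1" | xxd -r -p; return; fi
    h=$1
    while [ -n "$h" ]; do
        rest=${h#??}
        printf "\\$(printf '%03o' "0x${h%$rest}")"
        h=$rest
    done
}

# decrypt_keyfile FILE PASSPHRASE: prints the decrypted private key.
decrypt_keyfile() {
    key=$(derive_key "$2")
    iv=$(json_hex_field "$1" iv)
    enc=$(json_hex_field "$1" enc_data)
    # CBC needs a 16-byte IV and ciphertext in whole 16-byte blocks (32 hex chars).
    [ "${#iv}" -eq 32 ] || { echo "iv must be 32 hex chars" >&2; return 1; }
    [ -n "$enc" ] && [ $(( ${#enc} % 32 )) -eq 0 ] ||
        { echo "enc_data is not whole AES blocks" >&2; return 1; }
    # A wrong passphrase normally fails here with a padding error ("bad decrypt").
    hex_to_bin "$enc" | openssl enc -d -aes-256-cbc -nosalt -K "$key" -iv "$iv"
}

# Demo: trimmed copy of the page's 76de427d42c38be4.json, passphrase qwe.
demo=$(mktemp)
cat > "$demo" <<'EOF'
{ "keyinfo": { "priv_key_data": { "cipher_type": "aes256",
  "iv": "bb104b287748b6714f543370fc9a4730",
  "enc_data": "0d98d71da8515fca89aac89f8280861fa349169025caed6dbb836e4ba9e184fad298a0238fb38c0a7cf4a38dfd77e783e17d77c6a39ce0f42ecfd35f05269df16d6e67f058cc91b17d02309c0f1f88d4" } } }
EOF
decrypt_keyfile "$demo" qwe && echo || echo "decryption failed" >&2
rm -f "$demo"
```

Run it with sh and compare the printed value with the Result shown for the openssl command above.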