
[OpenSSL] Creating a Self-Signed Certificate for ECDSA

JayKim🙂 2023. 4. 5. 18:25

To create an ECDSA certificate, you first have to choose a named curve.

The available curves can be listed with the following command.

openssl ecparam -list_curves

This post covers the commonly used prime256v1 (secp256r1).

First, generate the private key.

openssl ecparam -name prime256v1 -genkey -noout -out ecdsa_private_key.pem

The generated PEM file looks like this.

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIGT2Um3gW//u0sWCDZQ/XuD6Qizge3mLOZWXPLJrso9XoAoGCCqGSM49
AwEHoUQDQgAEowFoZg9qlBEGZJ46iWBeLV38Xy2P2FQWOMdNQoceqeevT+e1ZIu4
UZ03ePqB6FToUArLqHfW9O6FlsA9Bt2ZCA==
-----END EC PRIVATE KEY-----

Next, extract the public key from the generated private key.

openssl ec -in ecdsa_private_key.pem -pubout -out ecdsa_public_key.pem

The resulting public key looks like this.

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEowFoZg9qlBEGZJ46iWBeLV38Xy2P
2FQWOMdNQoceqeevT+e1ZIu4UZ03ePqB6FToUArLqHfW9O6FlsA9Bt2ZCA==
-----END PUBLIC KEY-----

Now create a self-signed certificate with the generated ECDSA key.

openssl req -new -x509 -key ecdsa_private_key.pem -out ecdsa_cert.pem -days 360

Running this command prompts for the subject DN information, which you then enter.

The generated certificate is a PEM file delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

Finally, convert the generated private key to PKCS#12 format.

openssl pkcs12 -export -inkey ecdsa_private_key.pem -in ecdsa_cert.pem -out ecdsa.pfx -passout pass:passphrase

Replace the passphrase value with your own. The same value has to be entered again when extracting the key, so remember it.
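
The steps above as one non-interactive script, followed by checks that the artifacts agree with each other. This is an added example, not part of the original post: the function names make_bundle and check_bundle, the subject DN and the PFX_PASS variable are assumptions, with -subj standing in for the interactive DN prompt and env: reading the passphrase from the environment instead of the command line.

```shell
#!/bin/sh
# Added example. make_bundle/check_bundle, the subject DN and PFX_PASS are
# constructed for this sketch; the openssl subcommands are the article's.

# Key, public key, self-signed certificate and PKCS#12 bundle in directory $1.
# umask 077 keeps the key files readable by the owner only.
make_bundle() {
    ( cd "$1" && umask 077 &&
      openssl ecparam -name prime256v1 -genkey -noout -out ecdsa_private_key.pem &&
      openssl ec -in ecdsa_private_key.pem -pubout -out ecdsa_public_key.pem 2>/dev/null &&
      openssl req -new -x509 -key ecdsa_private_key.pem -out ecdsa_cert.pem \
          -days 360 -subj "/C=KR/O=Example/CN=ecdsa-selfsigned.example" &&
      openssl pkcs12 -export -inkey ecdsa_private_key.pem -in ecdsa_cert.pem \
          -out ecdsa.pfx -passout env:PFX_PASS )
}

# Returns 0 only if every artifact in directory $1 is consistent with the others.
check_bundle() {
    ( cd "$1" || exit 1
      # 1. The private key is on the chosen named curve.
      openssl ec -in ecdsa_private_key.pem -noout -text 2>/dev/null |
          grep -q prime256v1 || exit 2
      # 2. The certificate carries the public key derived from the private key.
      pub=$(openssl pkey -pubin -in ecdsa_public_key.pem)
      crt=$(openssl x509 -in ecdsa_cert.pem -noout -pubkey)
      [ -n "$pub" ] && [ "$pub" = "$crt" ] || exit 3
      # 3. Self-signed: the signature verifies with the certificate as its own anchor.
      openssl verify -CAfile ecdsa_cert.pem ecdsa_cert.pem >/dev/null 2>&1 || exit 4
      # 4. The bundle opens with the passphrase and yields the same key.
      pfx=$(openssl pkcs12 -in ecdsa.pfx -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
            openssl pkey -pubout 2>/dev/null)
      [ "$pfx" = "$pub" ] || exit 5 )
}

# Stand-alone run in a scratch directory with a constructed sample passphrase.
work=$(mktemp -d) && export PFX_PASS='constructed-sample-passphrase'
make_bundle "$work" && check_bundle "$work" && echo "all checks passed"
rm -rf "$work"
```

A non-zero return from check_bundle identifies the failed check: 2 for the curve, 3 for the certificate's public key, 4 for the self-signature, 5 for the PKCS#12 round trip.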