Elliptic Curve Private Key Structure
RFC 5915

Document Type RFC - Informational (June 2010; Errata)
Was draft-turner-ecprivatekey (individual in sec area)
Authors Daniel Brown, Sean Turner
Last updated 2020-01-21
Stream IETF
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5915 (Informational)
Consensus Boilerplate Unknown
Responsible AD Tim Polk
Send notices to (None)
Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 5915                                          IECA
Category: Informational                                         D. Brown
ISSN: 2070-1721                                                 Certicom
                                                               June 2010

                  Elliptic Curve Private Key Structure

Abstract

   This document specifies the syntax and semantics for conveying
   Elliptic Curve (EC) private key information.  The syntax and
   semantics defined herein are based on similar syntax and semantics
   defined by the Standards for Efficient Cryptography Group (SECG).

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any
   errata, and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Turner & Brown                Informational                     [Page 1]
RFC 5915          Elliptic Curve Private Key Structure         June 2010

1.  Introduction

   This document specifies a syntax and semantics for Elliptic Curve
   (EC) private key information.  EC private key information includes a
   private key and parameters.  Additionally, it may include the
   corresponding public key.  The syntax and semantics defined herein
   are based on similar syntax and semantics defined by the Standards
   for Efficient Cryptography Group (SECG) [SECG1].

   Most Public Key Infrastructures (PKIs) mandate local key generation;
   however, there are some PKIs that also support centralized key
   generation (e.g., the public-private key pair is generated by a
   Certification Authority).  The structure defined in this document
   allows the entity that generates the private and public keys to
   distribute the key pair and the associated domain parameters.

   This syntax is useful when distributing EC private keys using
   PrivateKeyInfo, as defined in PKCS #8 [RFC5208].  Distributing an EC
   private key with PKCS#8 [RFC5208] involves including:

   a) id-ecPublicKey, id-ecDH, or id-ecMQV (from [RFC5480]) with the
      namedCurve as the parameters in the privateKeyAlgorithm field; and
   b) ECPrivateKey in the PrivateKey field, which is an OCTET STRING.

   When an EC public key is included in the distributed PrivateKeyInfo,
   the publicKey field in ECPrivateKey is used.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Elliptic Curve Private Key Format

   This section gives the syntax for an EC private key.
   Computationally, an EC private key is an unsigned integer, but for
   representation, EC private key information SHALL have ASN.1 type
   ECPrivateKey:

   ECPrivateKey ::= SEQUENCE {
     version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
     privateKey     OCTET STRING,
     parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
     publicKey  [1] BIT STRING OPTIONAL
   }

   The fields of type ECPrivateKey have the following meanings:

   o  version specifies the syntax version number of the elliptic curve
      private key structure.  For this version of the document, it SHALL
      be set to ecPrivkeyVer1, which is of type INTEGER and whose value
      is one (1).

   o  privateKey is the private key.  It is an octet string of length
      ceiling (log2(n)/8) (where n is the order of the curve) obtained
      from the unsigned integer via the Integer-to-Octet-String-
      Primitive (I2OSP) defined in [RFC3447].
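
   The following is an added example, not part of the RFC text: a small
   Python encoder and strict parser for ECPrivateKey that enforces the
   version and the fixed privateKey length described above, so a key
   whose leading zero octets were stripped is rejected.  Assumptions:
   the function names, the P-256 sample curve, the constructed scalars,
   EXPLICIT [0]/[1] tagging, and the extra 1 <= d < n range check.

```python
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # order n of P-256
P256_OID = bytes.fromhex("06082a8648ce3d030107")  # DER OID 1.2.840.10045.3.1.7 (prime256v1)

def key_len(n):
    """ceiling(log2(n)/8), computed exactly with integer arithmetic."""
    return ((n - 1).bit_length() + 7) // 8

def i2osp(x, length):
    """I2OSP: fixed-length big-endian octets; leading zero octets are kept."""
    return x.to_bytes(length, "big")  # raises OverflowError if x does not fit

def tlv(tag, body):
    """Encode one TLV (short-form length only; enough for the sample key)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode one TLV at pos; returns (tag, body, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def encode_ec_private_key(d, n, curve_oid):
    """Build ECPrivateKey with version 1, privateKey and [0] parameters."""
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, i2osp(d, key_len(n))) + tlv(0xA0, curve_oid))

def parse_ec_private_key(der, n):
    """Parse ECPrivateKey for a curve of order n; optional fields come back as inner TLVs."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, ver, pos = read_tlv(seq, 0)
    if (tag, ver) != (0x02, b"\x01"):
        raise ValueError("version must be ecPrivkeyVer1 (1)")
    tag, priv, pos = read_tlv(seq, pos)
    if tag != 0x04 or len(priv) != key_len(n):
        raise ValueError("privateKey must be an OCTET STRING of ceiling(log2(n)/8) octets")
    d = int.from_bytes(priv, "big")
    if not 1 <= d < n:  # standard EC range check; an addition, not stated in this section
        raise ValueError("private scalar out of range")
    out = {"d": d, "parameters": None, "publicKey": None}
    for want, name in ((0xA0, "parameters"), (0xA1, "publicKey")):  # optional, in this order
        if pos < len(seq) and seq[pos] == want:
            _, out[name], pos = read_tlv(seq, pos)
    if pos != len(seq):
        raise ValueError("unexpected trailing or misordered fields")
    return out
```

   The scalar 0x1234 encodes to 32 octets for P-256, with 30 leading
   zero octets; the same scalar carried as a 2-octet privateKey fails
   the length check.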