
I am trying to understand how can I choose the ECDSA curve when generating a keypair using Java(7) keytool.

It would also help to find out what curve was used with the default settings.

Here is the command I use:

keytool -genkeypair -keyalg EC -alias myAlias -keystore myKeystore.jks -storepass myStorepass -keypass myKeypass -validity 730 -keysize 256 -dname "CN=myCn, OU=myOu, O=myO, C=myC" -v 
Artjom B.
Roni
  • The [documentation](https://docs.oracle.com/en/java/javase/11/tools/keytool.html) for `keytool` in Java 11 says that the `-groupname` option can specify the curve name. I have Java 11.0.3 and `keytool` reports `Illegal option: -groupname` so that's great. :( – Christopher Schultz Oct 29 '19 at 13:45
  • It looks like Java 13 does support the `-groupname` parameter, though I haven't actually used it. – Christopher Schultz Oct 29 '19 at 13:52

2 Answers


The Oracle-provided Java 7 implementation only uses the SEC curves. These are identical to the NIST standardized curves. In your case it is certain that P-256 was used. In Java, however, the original SEC name is used: "secp256r1".

So you could retrieve and encode the private key:

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.interfaces.ECPrivateKey;
import java.util.Base64;
KeyStore store = KeyStore.getInstance("JKS");
store.load(new FileInputStream(args[0]), args[1].toCharArray());  // args: keystore path, store password
ECPrivateKey key = (ECPrivateKey) store.getKey(args[2], args[3].toCharArray());  // alias, key password
System.out.println(Base64.getEncoder().encodeToString(key.getEncoded()));  // PKCS#8 DER as Base64

Then ASN.1 decode the contents:

SEQUENCE (3 elem)
  INTEGER 0
  SEQUENCE (2 elem)
    OBJECT IDENTIFIER 1.2.840.10045.2.1
    OBJECT IDENTIFIER 1.2.840.10045.3.1.7
  OCTET STRING (1 elem)
    SEQUENCE (2 elem)
      INTEGER 1
      OCTET STRING (32 byte) E935A4475D495ADA18A791C1222D5A3424CF540BDE42802F588C664082D10808

And then look up the value for the second OBJECT IDENTIFIER (OID), 1.2.840.10045.3.1.7:

Covers "secp256r1", the elliptic curve domain listed in "SEC 2: Recommended Elliptic Curve Domain Parameters". The SEC (Standards for Efficient Cryptography) curves provide elliptic curve domain parameters at commonly required security levels for use by implementers of ECC standards like ANSI X9.62, ANSI X9.63, IEEE P1363, and other standards.

Maarten Bodewes
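To do the OID lookup from the answer above in code rather than by eye, here is an added Python example (not from the answer, and not part of keytool) that walks the PKCS#8 DER that key.getEncoded() returns, checks the algorithm is id-ecPublicKey, and maps the named-curve OID to its SEC/NIST name. The sample DER is the answer's ASN.1 dump re-encoded by hand (assuming no optional public-key field), and the P-384/P-521 OIDs are extra entries not on the page.

```python
import base64

# Named-curve OIDs Java reports by their SEC names (NIST aliases in parentheses).
CURVE_OIDS = {"1.2.840.10045.3.1.7": "secp256r1 (NIST P-256)",
              "1.3.132.0.34": "secp384r1 (NIST P-384)",
              "1.3.132.0.35": "secp521r1 (NIST P-521)"}

def _read_tlv(data, pos):
    """Return (tag, value, next_pos) for the DER element at pos; handles long-form lengths."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _decode_oid(value):
    """Decode OBJECT IDENTIFIER content octets to dotted notation."""
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))

def curve_from_pkcs8(der):
    """Return (oid, name) of the curve in a PKCS#8 PrivateKeyInfo (what key.getEncoded() returns)."""
    tag, info, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a PrivateKeyInfo SEQUENCE")
    _, _, pos = _read_tlv(info, 0)              # version INTEGER
    _, alg, _ = _read_tlv(info, pos)            # AlgorithmIdentifier SEQUENCE
    _, alg_oid, pos = _read_tlv(alg, 0)
    if _decode_oid(alg_oid) != "1.2.840.10045.2.1":  # id-ecPublicKey
        raise ValueError("key algorithm is not id-ecPublicKey")
    tag, params, _ = _read_tlv(alg, pos)
    if tag != 0x06:  # explicit curve parameters rather than a named curve
        raise ValueError("curve parameters are not a named-curve OID")
    oid = _decode_oid(params)
    return oid, CURVE_OIDS.get(oid, "unknown named curve")

def curve_from_base64(text):
    """Same check on the Base64 string the Java snippet above prints."""
    return curve_from_pkcs8(base64.b64decode(text))

# Constructed sample: the answer's ASN.1 dump re-encoded as DER (assumes no optional public-key field).
SAMPLE_DER = bytes.fromhex(
    "3041" "020100"                                      # PrivateKeyInfo, version 0
    "3013" "06072a8648ce3d0201" "06082a8648ce3d030107"   # id-ecPublicKey, secp256r1
    "0427" "3025" "020101" "0420"                        # ECPrivateKey v1, privateKey OCTET STRING
    "E935A4475D495ADA18A791C1222D5A3424CF540BDE42802F588C664082D10808")
```

Feed the Base64 line printed by the Java snippet to curve_from_base64 to get ('1.2.840.10045.3.1.7', 'secp256r1 (NIST P-256)') for the key in the question.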

For EC, you can use -keysize to specify a curve!

You can also write some Java code to do this in a cleaner way.

Take a look at https://github.com/alokmenghrajani/ec-keytool. It's a simple tool that lets you create JCEKS entries with specific curves or view them in a way that is slightly better than what keytool prints out.

Alok