Skip to content
Latchkey

openssl ec: Inspect and Convert EC Keys

openssl ec processes elliptic-curve keys, the way the rsa command processes RSA keys.

EC keys are small and fast, common for JWT signing and modern TLS. ec inspects and converts them.

What it does

openssl ec reads an EC private or public key and re-emits it, optionally extracting the public key (-pubout), printing parameters (-text), or changing the point conversion form (-conv_form).

Common usage

Terminal
openssl ec -in ec.pem -text -noout
openssl ec -in ec.pem -pubout -out ec-pub.pem
openssl ec -in ec.pem -conv_form compressed -out ec-compressed.pem

Options

FlagWhat it does
-puboutOutput the public key
-textPrint the key and curve details
-nooutSuppress the encoded key
-conv_form <form>Point form: compressed, uncompressed, hybrid
-passin pass:<x>Passphrase for an encrypted key

Common errors in CI

"unable to load Key" on a key generated by genpkey can happen if it was written as PKCS#8 and the consuming tool wants the SEC1 EC PRIVATE KEY header; re-emit with openssl ec to get the EC-specific header. "error:..:EC_GROUP_new_by_curve_name" means an unknown or disabled curve.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →