xml.CryptoKey.generateEllipticCurveKey
Generates a new ECDSA key for the specified named elliptic curve.
Syntax
generateEllipticCurveKey(
curveName STRING )
Usage
Generates a new ECDSA key using the specified curve name. The curveName
parameter must be one of the following strings:
- secp256k1
- prime256v1 (also known as secp256r1)
- secp384r1
- secp521r1
For more information about why you might choose one elliptic curve over another, refer to Elliptic curves.
The xml.CryptoKey.generateEllipticCurveKey method raises an exception if called
on a non-ECDSA xml.CryptoKey object or if the curveName is
invalid.
Example:
IMPORT xml
DEFINE key xml.CryptoKey
LET key = xml.CryptoKey.Create(key_url)
CALL key.generateEllipticCurveKey("curveName")
-- The key now contains a new ECDSA key for the specified curve
Where:
- key_url is the URL of a supported key algorithm for one of the supported curves listed above.
- curveName is one of the supported curves shown above.
For optimal security, use a key size appropriate to the algorithm: a key generated with secp256k1 (256 bits) and used with the ecdsa-sha512 algorithm (512 bits) is no more secure than the same key used with the ecdsa-sha256 algorithm. Always choose a key and an algorithm that are matched to each other, in line with best practices for effective cryptographic security.
In case of error, the method throws an exception and sets the
status variable. Depending on the error, a human-readable description of the
problem is available in the sqlca.sqlerrm register. See Error handling in GWS calls (status).
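The following is an added example, not code from the original documentation. It pairs each supported curve with an ECDSA algorithm of matching hash size and handles the exception described above. The helper names ecdsaUrlForCurve and newEcdsaKey are hypothetical, and the algorithm URLs are the standard XML-DSig identifiers from RFC 4051, assumed to be the ones the library accepts.

```4gl
IMPORT xml

-- Assumption: standard XML-DSig "more" namespace (RFC 4051) for ECDSA algorithms
CONSTANT DSIG_MORE = "http://www.w3.org/2001/04/xmldsig-more#"

-- Hypothetical helper: returns the ECDSA algorithm URL whose hash size
-- matches the curve size, or NULL if the curve is not in the supported list.
FUNCTION ecdsaUrlForCurve(curveName STRING) RETURNS STRING
    CASE curveName
        WHEN "secp256k1"  RETURN DSIG_MORE || "ecdsa-sha256"
        WHEN "prime256v1" RETURN DSIG_MORE || "ecdsa-sha256"
        WHEN "secp384r1"  RETURN DSIG_MORE || "ecdsa-sha384"
        WHEN "secp521r1"  RETURN DSIG_MORE || "ecdsa-sha512"
    END CASE
    RETURN NULL
END FUNCTION

-- Hypothetical helper: creates an ECDSA key object and generates a new key
-- on the given curve. Returns NULL if the curve is rejected or generation fails.
FUNCTION newEcdsaKey(curveName STRING) RETURNS xml.CryptoKey
    DEFINE key xml.CryptoKey
    DEFINE url STRING
    DEFINE errCode INTEGER

    LET url = ecdsaUrlForCurve(curveName)
    IF url IS NULL THEN
        DISPLAY "Unsupported curve: ", curveName
        RETURN NULL
    END IF

    TRY
        LET key = xml.CryptoKey.Create(url)
        CALL key.generateEllipticCurveKey(curveName)
    CATCH
        -- Save status first: later statements may reset it
        LET errCode = status
        DISPLAY SFMT("Key generation failed (status %1): %2", errCode, sqlca.sqlerrm)
        RETURN NULL
    END TRY
    RETURN key
END FUNCTION

MAIN
    DEFINE key xml.CryptoKey
    LET key = newEcdsaKey("secp384r1")
    IF key IS NOT NULL THEN
        DISPLAY SFMT("Generated %1-bit key for %2", key.getSize(), key.getUrl())
    END IF
END MAIN
```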