X9.62 key encoding is used to encode public or private keys using [[Knowledge Base/Cryptography/Elliptical Curve Cryptography/! Overview|Elliptical Curve Cryptography]], taking far less space than encoding a key using [[PEM Key Encoding]] or [[DER Key Encoding]]. It's useful when you know you're going to use elliptical curves. This encodes the following information: # Structure (I am not an authority. This is just my notes.) ## 1. Curve Parameters Curve parameters are encoded using [[DER Key Encoding]] using the `ECParameters` structure. There are three options for representing curve parameters: 1. **Using a named curve's OID** 1. For example, `1.3.132.0.34` for SECP384R1). 2. **Using explicit parameters** 1. Field parameters, curve coefficients, base point, order, and cofactor. 3. **Implicit agreement** 1. Not explicitly set but agreed upon by the sender and recipient, though this isn't commonly in use. 2. `ECParameters` would be `null` or just left out here. ## 2. Public Key Encoding The public key is encoded as an Octet String containing the public point $Q = (x, y)$ on the curve. $X$ and $Y$ are each fixed-length, big-endian byte strings, where the length is `ceil(field_bits / 8)`. There are three options for encoding this point: * **Uncompressed** * Bytes: `0x02` + `X` + `Y` * **Compressed** * If `Y` is even: * Bytes: `0x02` + `X` * Else: * Bytes: `0x03` + `Y` * **Hybrid** (rare/legacy) * If `Y` is even: * Bytes: `0x06` + `X` + `Y` * Else: * Bytes: `0x07` + `X` + `Y` ## 3. Private Key Encoding The private key is encoded using the `ECPrivateKey` structure for [[DER Key Encoding]]. It looks like: ``` ECPrivateKey ::= SEQUENCE { version INTEGER {ecPrivkeyVer(1) } (ecPrivkeyVer1), privateKey OCTET STRING, -- `d` as big endian parameters [0] ECParameters OPTIONAL, -- curve params publicKey [1] BIT STRING OPTIONAL, -- matching public key } ```