[openssl-users] Implementing ECDSA in an engine

Reinier Torenbeek reinier.torenbeek at gmail.com
Sun Jun 28 02:54:29 UTC 2015


Hello Steve,

Thank you for the response. The ECDSA_set_default_method() indeed sets
up the functionality as you describe below and that seems to be good
enough for me (for now...).

Best regards,
Reinier

On 6/26/15 4:25 PM, Dr. Stephen Henson wrote:
> On Fri, Jun 26, 2015, Reinier Torenbeek wrote:
>
>> The mechanism for implementing ECDSA in my own engine is unclear to me.
>> Unfortunately, none of the example engines implement ECDSA so it is hard
>> for me to find answers.
>>
>> Invoking ENGINE_set_ECDSA() does not seem to be sufficient: my setup,
>> sign and verify methods never get invoked.
>>
> There are two separate ways you can implement a public key algorithm in an
> ENGINE.
>
> The first is a default method which is then used for every single operation. 
> This is most suited to cryptographic accelerators.
>
> The second is a key specific method which is utilised for some (and maybe not
> all) operations on one key. This would be most suited for a smart card for
> example where signing might be performed by the card but verification
> performed by OpenSSL itself.
>
> The second form isn't well supported for ECDSA at present though you can sort
> of get that functionality using the first technique. That will be fixed
> at some point most likely in the master branch for OpenSSL 1.1.0.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org


