Using EVP_PKEY with EVP_EncryptInit_ex

Dmitry Belyavsky beldmit at gmail.com
Wed Apr 1 16:42:45 UTC 2020


Dear Andrew,

You should take a look at CMS implementation as a model.

For example, you can generate a symmetric key for content encryption and
algorithm-specific way to pass the symmetric key to the recipient using
EVP_PKEY_encrypt.



On Wed, Apr 1, 2020 at 7:35 PM Andrew Felsher <ncsuandrew12 at gmail.com>
wrote:

> Hi,
>
> I'm trying to do what I assumed would be a very common and typical use of
> OpenSSL. I'm just encrypting and decrypting some data (in code; not from
> command line). EVP_EncryptInit_ex (and decrypt, update, and final variants)
> are the standard way to do this.
>
> However, the init functions take a char buffer. All the examples I can
> find use hard-coded char buffer keys. But obviously I'm not going to be
> hard-coding my keys. I'm generating them through a couple different means,
> but ultimately I have EVP_PKEYs (in my case, containing RSA private keys).
> And there doesn't seem to be a straightforward way to go from EVP_PKEYs to
> a form consumable by the EVP init functions.
>
> EVP_PKEY_get_raw_private_key looks like it would be perfect, but it was
> introduced in 1.1.1 and I'm limited to 1.1.0.
>
> This seems like it would be a very common use case, yet I can't seem to
> find any examples or documentation anywhere.
>
> Am I doing something wrong or making some really off-base assumptions?
>
> Thanks for any help, pointers, or guidance,
> Andrew F
>


-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200401/4990a418/attachment.html>


More information about the openssl-users mailing list