Asymetric crypto and OpenSSL 3.0 deprecated functions

Emmanuel Deloget logout at free.fr
Tue May 26 08:25:03 UTC 2020 

Hello Richard and everybody,

First, thanks all for your valuable responses ; be sure that I heard
you and I fully understand your remarks (for the record, I do generate
a signature on the binary using yet another key pair and I fully get
that encrypting the AES key in my case is a bit overkill given the
fact that it does not provide any added security).

On Mon, May 25, 2020 at 6:14 PM Richard Levitte <levitte at openssl.org> wrote:
>
> On Mon, 25 May 2020 13:20:28 +0200,
> Emmanuel Deloget wrote:
> > In my development I'm using a idiom that's not as widely used as I
> > thought (as I get it after multiple days of searching out there). In
> > order to securely distribute a binary, I encrypt it using an AES key
> > and the AES key itself is encrypted using a /private/ RSA key I own.
>
> That's a perfectly viable thing to do, and is usually called "signing",
> and what you're signing here is the AES key.
>
> > Only owners of the /public/ key (which, as it is a publilc key, may
> > leak) can decrypt the AES key, and therefore the binary.
>
> Which is usually called "verifying the signature".
>
> This looks like object signing to me.

It definitely looks like this, yes.

> > Of course, in order to do this I rely on RSA_private_encrypt() and
> > RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt()
> > cannot be used(*).
>
> EVP_PKEY_encrypt() and EVP_PKEY_decrypt() are the wrong functions to
> use.  However, there are EVP_PKEY_sign() and EVP_PKEY_verify_recover()
> (if I read you correctly, that's the function you need, rather than a
> mere EVP_PKEY_verify()).
>
> > So, after that long introduction, here is my question : is there any
> > OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private
> > key and decrypt using a public key?
>
> Yes, see above.  Those functions have been around for a while, I think
> you can start playing with them in any current OpenSSL version.

The _recover() function was the missing piece in  my understanding of
the library. I'll check that as soon as possible. Thanks a lot !

BTW, maybe this information should be made more easily available (on
the man page for RSA_private_encrypt()/RSA_public_decrypt() maybe ?)

> Cheers,
> Richard
>
> --
> Richard Levitte         levitte at openssl.org
> OpenSSL Project         http://www.openssl.org/~levitte/

Best regards,

-- Emmanuel Deloget

More information about the openssl-users mailing list