OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

Stephen Farrell stephen.farrell at cs.tcd.ie
Tue Mar 9 02:44:20 UTC 2021


Hiya,

On 08/03/2021 02:37, Benjamin Kaduk wrote:
> Hi Stephen :)
> 
> The API you'll want to use is EVP_PKEY_fromdata(); there's
> a stubbed out example of using it to make an EVP_PKEY with
> EC group parameters at
> https://github.com/openssl/openssl/issues/14258#issuecomment-783351031
> but the translation to also specify OSSL_PKEY_PARAM_PRIV_KEY
> (and possibly OSSL_PKEY_PARAM_PUB_KEY; I forget if you need
> to pass both) should be fairly straightforward.

Thanks for that! I worked around a few things and still need
to tidy up but got things working that way without any more
deprecation warnings.

> 
> Let us know if you run into trouble with that route.

One outstanding issue is that I still need different code
paths for NIST curves vs. 25519 & 448 - is that just me
(quite likely:-) or should these new APIs hide differences
between those different curves?

Thanks again,
S.


> 
> -Ben
> 
> On Mon, Mar 08, 2021 at 02:23:36AM +0000, Stephen Farrell wrote:
>>
>> Hiya,
>>
>> My question: how does one set up an EVP_PKEY for a NIST
>> curve (e.g. p256) key pair when one has the private key
>> in an octet string using the latest OpenSSL 3.0.0 high
>> level APIs?
>>
>> I'm trying to get rid of deprecation warnings from my
>> code for HPKE [1] when dealing with NIST curves using
>> the new (I guess?) OSSL_PARAM_* approach. I'm failing
>> at the moment;-)
>>
>> So, given an octet string from a set of test vectors
>> (e.g. [2]) what's the proper way to set up an EVP_PKEY
>> for that to allow one to validate the test vectors?
>>
>> Happy to try to produce a stand-alone example for this
>> in the next few days if one doesn't exist (I've not
>> found one so far).
>>
>> Thanks,
>> Stephen.
>>
>> [1] https://github.com/sftcd/happykey/blob/7d52d34c516ab58ca1433004ff82b2a6a82eea4c/hpke.c#L1263
>> [2] https://github.com/cfrg/draft-irtf-cfrg-hpke

