Openssl 3.0.0. EVP_PKEY_CTX vs EVP_PKEY
Ken Goldman
kgoldman at us.ibm.com
Tue Sep 14 18:42:03 UTC 2021
On 9/14/2021 11:40 AM, Tomas Mraz wrote:
> On Tue, 2021-09-14 at 11:11 -0400, Ken Goldman wrote:
>> Conceptually, how are these different?
>>
>> When do I use one vs the other?
>
> The EVP_PKEY is an object holding data (well, rather a reference, but
> that is fairly irrelevant) of a private key, public key, or domain
> parameters for asymetric crypto keys.
>
> The EVP_PKEY_CTX is an operation context - that is a context to make
> some operations with an EVP_PKEY such as signing/verification,
> encryption/decryption, key generation (starting with domain parameters
> EVP_PKEY), key checking.
>
>> Where would I learn this?
>
> I suppose in the manual pages - I'd start with EVP_PKEY_new and
> EVP_PKEY_CTX_new man pages. Yeah, the discoverability is not that good
> I suppose. And there is no good high level overview.
In other words, the EVP_PKEY holds the public key. When I want to use
it to encrypt / verify, I create a temporary EVP_PKEY_CTX? Is that it?
Do I also use a ctx to initialize the key?
Perhaps, to make the EVP_PKEY from n and e.:
OSSL_PARAM_BLD_push_BN() for n and e parameters
EVP_PKEY_CTX_new_from_name the RSA
EVP_PKEY_fromdata using the parameters
More information about the openssl-users
mailing list