Openssl 3.0.0. EVP_PKEY_CTX vs EVP_PKEY

Tomas Mraz tomas at openssl.org
Wed Sep 15 06:54:19 UTC 2021


On Tue, 2021-09-14 at 14:42 -0400, Ken Goldman wrote:
> On 9/14/2021 11:40 AM, Tomas Mraz wrote:
> > On Tue, 2021-09-14 at 11:11 -0400, Ken Goldman wrote:
> > > Conceptually, how are these different?
> > > 
> > > When do I use one vs the other?
> > 
> > The EVP_PKEY is an object holding data (well, rather a reference,
> > but
> > that is fairly irrelevant) of a private key, public key, or domain
> > parameters for asymmetric crypto keys.
> > 
> > The EVP_PKEY_CTX is an operation context - that is a context to
> > make
> > some operations with an EVP_PKEY such as signing/verification,
> > encryption/decryption, key generation (starting with domain
> > parameters
> > EVP_PKEY), key checking.
> > 
> > > Where would I learn this?
> > 
> > I suppose in the manual pages - I'd start with EVP_PKEY_new and
> > EVP_PKEY_CTX_new man pages. Yeah, the discoverability is not that
> > good
> > I suppose. And there is no good high level overview.
> 
> In other words, the EVP_PKEY holds the public key.  When I want to
> use
> it to encrypt / verify, I create a temporary EVP_PKEY_CTX?  Is that
> it?
> Do I also use a ctx to initialize the key?
> 
> Perhaps, to make the EVP_PKEY from n and e:
> 
> OSSL_PARAM_BLD_push_BN() for n and e parameters
> EVP_PKEY_CTX_new_from_name the RSA
> EVP_PKEY_fromdata using the parameters

Yes, you've got this right.

There are some cases where you do not need an EVP_PKEY_CTX to get an
EVP_PKEY - such as using decoders to decode a key from a file.


-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
