[EXTERNAL] Re: bignum to evp key

Tomas Mraz tomas at openssl.org
Fri Mar 4 09:54:46 UTC 2022


This is for some kind of artificial example code, isn't it? Because in
a real world application of a DH/ECDH key exchange you will always have
a private key for the local peer and a public key for the remote peer.

To transfer the public key to the remote side you will need to somehow
encode it. Either with an OSSL_ENCODER, or via
EVP_PKEY_get1_encoded_public_key depending on the communication
protocol.

When encoding the key with OSSL_ENCODER you can specify with the
OSSL_ENCODER_CTX_new_for_pkey() via the selection parameter that you
want to encode just the public key or the public key with domain
parameters.

Tomas Mraz

On Fri, 2022-03-04 at 09:43 +0000, Srinivas, Saketh (c) wrote:
> I need them to create ctx = EVP_PKEY_CTX_new(priv_key, NULL)
> 
> and then add the peer to ctx as EVP_PKEY_derive_set_peer( ctx, pub_key )
> 
> Both should be in evp_pkey format.
> From: Tomas Mraz <tomas at openssl.org>
> Sent: Friday, March 4, 2022 2:56 PM
> To: Srinivas, Saketh (c) <ssrinivas at rbbn.com>;
> openssl-users at openssl.org <openssl-users at openssl.org>
> Subject: [EXTERNAL] Re: bignum to evp key 
> There is no straightforward way to do that. What do you want to do with
> the public and private EVP_PKEYs?
> 
> Tomas
> 
> On Fri, 2022-03-04 at 07:28 +0000, Srinivas, Saketh (c) wrote:
> > Hi,
> > 
> > I have EvpKeyPair from GenerateEvpKeyPair(dh_p, dh_g, &pEvpKeyPair)
> > 
> > How can I get the public key and priv key from keypair? The below
> > function gives them as bignums but not Evp_pkey.
> > 
> > EVP_PKEY_get_bn_param(pEvpKeyPair, OSSL_PKEY_PARAM_PUB_KEY, &pubKey)
> > 
> > I want pub key and priv keys as evp_pkey.
> > 
> > Thanks,
> > Saketh.
> >  
> > 
> 

-- 
Tomáš Mráz, OpenSSL



