EVP_PKEY_get_raw_public_key fails with OpenSSL 3.0

fus at plutonium24.de fus at plutonium24.de
Thu Nov 24 01:23:15 UTC 2022



Am 11.11.2022 um 17:44 schrieb Matt Caswell:
>
>
> On 11/11/2022 12:41, fus at plutonium24.de wrote:
>>
>> My apologies. I tested the code you supplied and of course it also fails with 1.1.1. The code was changed without my knowledge when updating to 3.0 and the version that was working used the deprecated "EC_POINT_point2oct". During my test I missed this.
>>
>> Concerning the questions James akesd: I extract the key from an X509 certificate (with X509_get0_pubkey). And as you suggested I just need the bytes of the public EC point. As a reference to which I want to compare this data I only have the raw public key and a proprietarily encoded curve id which I also check.
>>
>>
>> I'd like to come back to the question : how can I get the raw public key^without using deprecated functionality?
>>
>> Frank
>>
>
> Probably calling EVP_PKEY_get_octet_string_param() and asking for the parameter OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY should do it. See these man pages:
>
> https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_get_params.html
>
> https://www.openssl.org/docs/man3.0/man7/EVP_PKEY-EC.html
>
> Matt
>
Many thanks, asking for the encoded public key as an octet string did work correctly.

Frank


More information about the openssl-users mailing list