Setting a group to an existing EVP_PKEY in OpenSSL 3
Matt Caswell
matt at openssl.org
Tue Oct 25 10:38:27 UTC 2022
On 25/10/2022 00:21, Kory Hamzeh wrote:
> I haven’t done exactly what you are trying, but something similar.
>
> See EVP_PKEY_set_params:
>
> https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_set_params.html
> <https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_set_params.html>
>
> The specific parm to set the group could be set like this:
>
> OSSL_PARAM_BLD_push_utf8_string(param_bld, "group",
> curve, 0;
"group" is not a "settable" parameter for EC keys. You can "get" it. You
can import it (using EVP_PKEY_from_data()). You can export it (using
EVP_PKEY_to_data()). But you can't "set" it.
The group is immutable once the key is created.
It really doesn't make sense to change the group of a key from one thing
to another. None of the rest of the parameters would be valid if the
group changed.
On 25/10/2022 00:35, Martin via openssl-users wrote:
> Thanks for your response. I want to preserve the rest of the EC public
> key params. I did this. I haven’t test yet.
Preserving the rest of the EC public key params doesn't make sense. If
the group has changed the key is no longer valid. Just create a new key
instead.
Matt
More information about the openssl-users
mailing list