Own HW Supported RSA provider
tomasz bartczak
tbartcz at poczta.fm
Tue Jul 30 14:03:10 UTC 2024
Hi Selva,
Thanks for your clear answer.
Regards
Tom
Temat: Re: Own HW Supported RSA provider
Data: 2024-07-20 19:08
Nadawca: "Selva Nair" <selva.nair at gmail.com>
Adresat:
DW: "openssl-users at openssl.org" <openssl-users at openssl.org>;
>
> On Fri, Jul 19, 2024 at 4:55 PM tomasz bartczak <tbartcz at poczta.fm> wrote:
>
>>
>> If I use the crypto library I can provide desired properties like in EVP_ASYM_CIPHER_fetch function. However when I use the ssl library, how to make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with properties required by me?
>>
>
> You can set a property query while creating the SSL context using SSL_CTX_new_ex(). Or set it on the libctx using EVP_set_default_properties().
>
> That said, what you are trying to do may work with no need for property queries or even with "?provider=default" to prefer "default" when possible. When the private key is loaded using your provider and the key is not exportable, your provider will get called for signature operation.
>
> See the link below for a test program on how even "?provider=default" in the signing context fetches the correct signature operation for a key in a different provider. It also has the rudiments of an external key signing provider:
>
> https://gist.github.com/selvanair/e4fd5fec6316fe894ad0fbaac68f4355
>
> OR
>
> https://github.com/openssl/openssl/commit/dd292ed62cc5d3eb0c529aa51a07ec1ed34a9a5f
>
> Selva
>
More information about the openssl-users
mailing list