[openssl-users] EVP-level load_key functions

Reinier Torenbeek reinier.torenbeek at gmail.com
Sun Aug 9 18:50:09 UTC 2015


Thanks for your pointers.

I searched a bit further and noticed the existence of a STORE method and
the associated (un)register functions with an engine. Looking at its
API, it looks like it provides the key and certificate loading function
signatures that I need. Therefore, I was considering implementing (a
subset of) the STORE method functions in my engine.

From the README in crypto/store in master
<https://github.com/openssl/openssl/blob/master/crypto/store/README>, I
conclude that future versions will provide X509_STORE as a default
implementation for the store as well. Therefore, this seems the right
approach in the long run. I am currently using a 1.0.1 version.

However, I could not find any example of any engine implementing a
store. There do not seem to be any tests either. Can you/someone confirm
that implementing (a subset of) a store in my engine is a valid approach
at the moment (and in the future)?

Thanks,
Reinier

On 8/6/15 8:06 PM, Dr. Stephen Henson wrote:
> On Thu, Aug 06, 2015, Reinier Torenbeek wrote:
>
>> I am interested in leveraging the following three functions:
>>
>> ENGINE_load_private_key()
>> ENGINE_load_public_key()
>> ENGINE_load_certificate()
>>
>> Unfortunately, the latter is missing. This was mentioned in a recent
>> thread on this list as well (see
>> http://www.mail-archive.com/openssl-users@openssl.org/msg77566.html). Is
>> it planned for any future release?
>>
> At some point yes, but it's quite complex deciding what the parameters should
> be: e.g. to look up certificates matching one or more criteria.
>
>
>> The former two functions are present though and I was looking for their
>> EVP-level counterparts to access them in the proper way. Apparently,
>> those do not exist either. Previously, I was under the impression that
>> the EVP API exposes all engine-implemented functions. Are these
>> EVP_load_xxx functions missing from EVP because they are "todo in a
>> future release" or are they omitted by design?
>>
> The ENGINE_load*key functions return an EVP_PKEY structure which can be
> used by EVP directly.
>
> There are other functions which can load an EVP_PKEY structure too like the
> PEM and PKCS12 functions.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org