[openssl-users] Checking if an EVP_PKEY* contains a private key
Dr. Stephen Henson
steve at openssl.org
Tue Dec 22 12:36:14 UTC 2015
On Tue, Dec 22, 2015, Viktor Dukhovni wrote:
> On Mon, Dec 21, 2015 at 09:29:03PM -0800, Stephen Kou wrote:
>
> > OpenSSL has the higher-level EVP_PKEY_* functions which abstract
> > the public key cryptography algorithms. However, sometimes an EVP_PKEY*
> > only has a public key. How could I check if a given EVP_PKEY* contains
> > a private key?
>
>     len = i2d_PrivateKey(key, NULL);
>     if (len <= 0) {
>         /* No private key, or error determining its DER length */
>     } else {
>         /* Private key available */
>     }
>
Interesting idea but that may actually work in some cases due to the "NULL is
absent" rule. Encoding the key to a buffer and then attempting to decode it
should be more reliable: any absent components will cause a parsing error.
However, even that won't work in general because the EVP_PKEY structure might
come from an engine which doesn't set the private key components.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org