[openssl-users] Implementing ECDSA in an engine

Dr. Stephen Henson steve at openssl.org
Fri Jun 26 20:25:07 UTC 2015


On Fri, Jun 26, 2015, Reinier Torenbeek wrote:

> 
> The mechanism for implementing ECDSA in my own engine is unclear to me.
> Unfortunately, none of the example engines implement ECDSA so it is hard
> for me to find answers.
> 
> Invoking ENGINE_set_ECDSA() does not seem to be sufficient: my setup,
> sign and verify methods never get invoked.
> 

There are two separate ways you can implement a public key algorithm in an
ENGINE.

The first is a default method which is then used for every single operation. 
This is most suited to cryptographic accelerators.

The second is a key-specific method which is utilised for some (and maybe not
all) operations on one key. This would be most suited for a smart card, for
example, where signing might be performed by the card but verification
performed by OpenSSL itself.

The second form isn't well supported for ECDSA at present, though you can sort
of get that functionality using the first technique. That will be fixed
at some point, most likely in the master branch for OpenSSL 1.1.0.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
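
Added example, not part of the original message and not OpenSSL code: a simplified C model of the two dispatch styles described in the reply above, a default method used for every operation versus a method bound to one key that provides only some operations. Every type and function name in it is hypothetical, and the lookup order (key-bound method, then default, then built-in software) is an assumption made for the model.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, none is OpenSSL API. */
typedef const char *(*op_fn)(void);
typedef struct { op_fn sign, verify; } sig_method;       /* NULL = op not provided */
typedef struct { const sig_method *key_method; } ec_key; /* NULL = none bound */

static const char *sw_op(void)    { return "software"; }
static const char *accel_op(void) { return "accelerator"; }
static const char *card_op(void)  { return "smartcard"; }

static const sig_method builtin = { sw_op, sw_op };
static const sig_method accel   = { accel_op, accel_op }; /* does everything */
static const sig_method card    = { card_op, NULL };      /* signs only */

static const sig_method *default_method = &builtin;

/* First way: install a default used for every operation on every key. */
void set_default_method(const sig_method *m) { default_method = m ? m : &builtin; }

/* Second way: bind a method to one key; other keys are unaffected. */
void bind_key_method(ec_key *k, const sig_method *m) { k->key_method = m; }

/* Pick the implementation for one operation (is_sign: sign or verify).
   Assumed order: key-bound method, then default, then built-in software. */
static op_fn pick(const ec_key *k, int is_sign) {
    const sig_method *order[3] = { k->key_method, default_method, &builtin };
    for (int i = 0; i < 3; i++) {
        if (!order[i]) continue;
        op_fn f = is_sign ? order[i]->sign : order[i]->verify;
        if (f) return f;
    }
    return sw_op; /* not reached: builtin provides both operations */
}

const char *do_sign(const ec_key *k)   { return pick(k, 1)(); }
const char *do_verify(const ec_key *k) { return pick(k, 0)(); }

int main(void) {
    ec_key a = { NULL }, b = { NULL };
    bind_key_method(&a, &card);   /* key a: card signs, software verifies */
    printf("a: sign=%s verify=%s\n", do_sign(&a), do_verify(&a));
    printf("b: sign=%s verify=%s\n", do_sign(&b), do_verify(&b));
    set_default_method(&accel);   /* now every unbound operation is offloaded */
    printf("b: sign=%s verify=%s\n", do_sign(&b), do_verify(&b));
    return 0;
}
```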

