[openssl-users] engine interface for genrsa
Richard Levitte
levitte at openssl.org
Fri Apr 13 21:55:55 UTC 2018
In message <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=QYchA8+YQ at mail.gmail.com> on Fri, 13 Apr 2018 09:17:28 -0700, William Roberts <bill.c.roberts at gmail.com> said:
bill.c.roberts> I am currently working on writing an openssl engine
bill.c.roberts> to interface with a piece of hardware.
bill.c.roberts>
bill.c.roberts> I am trying to understand how to implement
bill.c.roberts> rsa key generation, where the private key
bill.c.roberts> bytes would not be available.
bill.c.roberts>
bill.c.roberts> I am currently invoking the
bill.c.roberts> command:
bill.c.roberts>
bill.c.roberts> openssl genrsa -engine foo
bill.c.roberts>
bill.c.roberts> Which is calling my callback for RSA keygen, registered via ENGINE_set_RSA()
bill.c.roberts> and I set the flags: RSA_FLAG_EXT_PKEY.
bill.c.roberts>
bill.c.roberts> However, genrsa app seems to want rsa->e set here:
bill.c.roberts> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/apps/genrsa.c#L291
bill.c.roberts>
bill.c.roberts> I can't find documentation on how to handle the keygen interface
bill.c.roberts> for RSA.
bill.c.roberts>
bill.c.roberts> Can someone point me in the right direction?
e and n are public components of any RSA key pair (and RSA structure
in OpenSSL). You *must* make them available. The rest of the numbers
are private and do not need to be part of the RSA structure that
OpenSSL handles.
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-users
mailing list