[openssl-users] engine interface for genrsa

Richard Levitte levitte at openssl.org
Fri Apr 13 21:55:55 UTC 2018

In message <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=QYchA8+YQ at mail.gmail.com> on Fri, 13 Apr 2018 09:17:28 -0700, William Roberts <bill.c.roberts at gmail.com> said:

bill.c.roberts> I am currently working on writing an OpenSSL engine
bill.c.roberts> to interface with a piece of hardware.
bill.c.roberts> I am trying to understand how to implement
bill.c.roberts> RSA key generation, where the private key
bill.c.roberts> bytes would not be available.
bill.c.roberts> I am currently invoking the
bill.c.roberts> command:
bill.c.roberts> openssl genrsa -engine foo
bill.c.roberts> Which is calling my callback for RSA keygen, registered via ENGINE_set_RSA()
bill.c.roberts> and I set the flags: RSA_FLAG_EXT_PKEY.
bill.c.roberts> However, genrsa app seems to want rsa->e set here:
bill.c.roberts> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/apps/genrsa.c#L291
bill.c.roberts> I can't find documentation on how to handle the keygen interface
bill.c.roberts> for RSA.
bill.c.roberts> Can someone point me in the right direction?

e and n are public components of any RSA key pair (and RSA structure
in OpenSSL).  You *must* make them available.  The rest of the numbers
are private and do not need to be part of the RSA structure that
OpenSSL handles.


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
