[openssl-users] engine interface for genrsa

William Roberts bill.c.roberts at gmail.com
Sat Apr 14 00:28:38 UTC 2018

On Fri, Apr 13, 2018 at 2:55 PM, Richard Levitte <levitte at openssl.org> wrote:
> In message <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=QYchA8+YQ at mail.gmail.com> on Fri, 13 Apr 2018 09:17:28 -0700, William Roberts <bill.c.roberts at gmail.com> said:
> bill.c.roberts> I am currently working on writing an openssl engine
> bill.c.roberts> to interface with a piece of hardware.
> bill.c.roberts>
> bill.c.roberts> I am trying to understand how to implement
> bill.c.roberts> rsa key generation, where the private key
> bill.c.roberts> bytes would not be available.
> bill.c.roberts>
> bill.c.roberts> I am currently invoking the
> bill.c.roberts> command:
> bill.c.roberts>
> bill.c.roberts> openssl genrsa -engine foo
> bill.c.roberts>
> bill.c.roberts> Which is calling my callback for RSA keygen, registered via ENGINE_set_RSA()
> bill.c.roberts> and I set the flags: RSA_FLAG_EXT_PKEY.
> bill.c.roberts>
> bill.c.roberts> However, genrsa app seems to want rsa->e set here:
> bill.c.roberts> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/apps/genrsa.c#L291
> bill.c.roberts>
> bill.c.roberts> I can't find documentation on how to handle the keygen interface
> bill.c.roberts> for RSA.
> bill.c.roberts>
> bill.c.roberts> Can someone point me in the right direction?
> e and n are public components of any RSA key pair (and RSA structure
> in OpenSSL).  You *must* make them available.  The rest of the numbers
> are private and do not need to be part of the RSA structure that
> OpenSSL handles.

Thanks. I went and read the RSA page on Wikipedia, and sure enough it
has what common meanings of what all the single letter variables
are in the RSA struct.

> Cheers,
> Richard
> --
> Richard Levitte         levitte at openssl.org
> OpenSSL Project         http://www.openssl.org/~levitte/
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list