Checking if a key can sign / verify in 3.0

Norm Green at
Fri Aug 21 17:59:12 UTC 2020

No comments on my question? Should there not be a way to know if an 
EVP_PKEY is valid for verification besides attempting the verify 
operation and getting a weird error code?  Doesn't seem like too much to 
expect since we already have EVP_PKEY_can_sign().
I'm happy to implement EVP_PKEY_can_verify() with some assurance such a 
PR would be accepted.

Norm Green

On 8/18/2020 6:01 PM, Norm Green wrote:
> In 3.0 I see this new function in evp.h :
> int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
> Is there an equivalent way to check if a key can verify? I'm not 
> seeing an obvious way to do that.  Previously I used 
> EVP_PKEY_meth_get_verifyctx() but that call is now deprecated in 3.0.
> thanks,
> Norm Green

More information about the openssl-users mailing list