EVP_PKEY_new_raw_private_key() vs EVP_PKEY_new_mac_key() ?

Matt Caswell matt at openssl.org
Thu May 14 21:38:53 UTC 2020

On 14/05/2020 22:21, Thomas Dwyer III wrote:
> Are EVP_PKEY_new_raw_private_key() and EVP_PKEY_new_mac_key()
> functionally equivalent? They have very different implementations
> internally but appear to produce identical results when used with
> EVP_DigestSignInit() and key type EVP_PKEY_HMAC. The documentation says
> "works like" but it's not clear whether that really means "equivalent".
> I'm trying to write portable (openssl version agnostic) HMAC functions
> and I'm concerned about the note that says "New applications should use
> EVP_PKEY_new_raw_private_key() instead" when that doesn't exist prior to
> 1.1.1. Is this the recommended solution?
> #if OPENSSL_VERSION_NUMBER < 0x10101000L
>     EVP_PKEY *pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, ...);
> #else
>     EVP_PKEY *pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, ...);
> #endif

As you note the implementations are very different.
EVP_PKEY_new_raw_private_key() is the preferred approach (its much
simpler internally) and also works for other things that are not MACs
(e.g. X25519, X448).

The two should however be functionally equivalent.

Your proposed solution is fine. My guess is that at some point in the
future EVP_PKEY_new_mac_key() will be deprecated - but it hasn't been in
1.1.1, and nor has it so far in 3.0. So you *could* choose to just use


More information about the openssl-users mailing list