Asymetric crypto and OpenSSL 3.0 deprecated functions

Richard Levitte levitte at
Mon May 25 16:14:38 UTC 2020

On Mon, 25 May 2020 13:20:28 +0200,
Emmanuel Deloget wrote:
> In my development I'm using a idiom that's not as widely used as I
> thought (as I get it after multiple days of searching out there). In
> order to securely distribute a binary, I encrypt it using an AES key
> and the AES key itself is encrypted using a /private/ RSA key I own.

That's a perfectly viable thing to do, and is usually called "signing",
and what you're signing here is the AES key.

> Only owners of the /public/ key (which, as it is a publilc key, may
> leak) can decrypt the AES key, and therefore the binary.

Which is usually called "verifying the signature".

This looks like object signing to me.

> Of course, in order to do this I rely on RSA_private_encrypt() and
> RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt()
> cannot be used(*).

EVP_PKEY_encrypt() and EVP_PKEY_decrypt() are the wrong functions to
use.  However, there are EVP_PKEY_sign() and EVP_PKEY_verify_recover()
(if I read you correctly, that's the function you need, rather than a
mere EVP_PKEY_verify()).

> So, after that long introduction, here is my question : is there any
> OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private
> key and decrypt using a public key?

Yes, see above.  Those functions have been around for a while, I think
you can start playing with them in any current OpenSSL version.


Richard Levitte         levitte at
OpenSSL Project

More information about the openssl-users mailing list