Engine with ed25519/ed448 support

Dmitry Belyavsky beldmit at gmail.com
Thu Dec 9 09:24:23 UTC 2021


First, it's worth implementing a provider instead of an engine if you want
to use OpenSSL 3.0+ because engines are deprecated.
But if you still insist on the engine implementation, you'd have to
implement EVP_PKEY_METHOD and EVP_ASN1_METHOD in your engine.

Hope this helps.

On Thu, Dec 9, 2021 at 9:36 AM Bengt Warnemyr <bengt.warnemyr at gmail.com>

> Hi OpenSSL team.
> I did subscribe to openssl-users on December 2 or 3 but haven't got
> any response.
> Sending my question again to this address.
> I'm developing an engine using an hsm for key storage and the
> cryptographic operations when setting up a tls session with libssl.
> I have it working for RSA and EC keys by implementing
>   ENGINE_set_load_pubkey_function(e, my_load_pub_key_function)
>   ENGINE_set_load_privkey_function(e, my_load_priv_key_function)
>   ENGINE_set_pkey_meths(e, my_pmeths_function)
> When my engine instantiates a EVP_PKEY the public part of RSA/EC_KEY
> is set with data from the hsm
> and gives it my RSA_METHOD/EC_KEY_METHOD.
> Then I use RSA_set_ex_data/EC_KEY_set_ex_data to store information
> about the hsm key to use.
> However ECX_KEY isn't public nor does it have any METHOD or ex data.
> My question is how to support ed25519/ed448 keys?
> /Bengt

SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211209/f3ee4577/attachment.htm>

More information about the openssl-users mailing list