OpenSSL CNG engine on GitHub

Reinier Torenbeek reinier.torenbeek at
Fri Jul 2 12:59:30 UTC 2021

Hello David,

Thanks for checking this out and your positive feedback. I was not able to
find any substantial solution for this either. I do wonder why that is?
Possibly, Windows users are not as interested in a cross platform solution
like OpenSSL provides and they are fine with using the Windows APIs
directly -- that is just speculation though.

Best regards,

On Fri, Jul 2, 2021 at 6:56 AM David von Oheimb <dev at> wrote:

> Hello Reinier,
> around five years back I was looking for such an implementation as an
> alternative to the rather limited CAPI engine, mostly because the C(rypto
> )API does not support ECC.
> The only thing I found at that time was
> and I
> do not know how it evolved since then.
> So I am very pleased to see that meanwhile there is a way of using core
> features of Windows CAPI Next Generation (CNG) from OpenSSL.
> Many thanks to RTI for providing this as open-source development under the
> Apache license.
> I currently do not have the time for a closer look or even trying it out,
> but this looks very good and well documented.
> In particular,
> gives a nice example how to use the Windows cert & key store.
> Porting this to the new OpenSSL crypto provider interface will likely lift
> the limitation regarding RSA-PSS support, which lacks just due to the
> engine interface.
> Cheers,
>     David
> On 01.07.21 19:49, Reinier Torenbeek wrote:
> Hi,
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
> may want to check out this new OpenSSL CNG Engine project on GitHub:
> . The associated
> User's Manual is on ReadTheDocs:
> .
> The project implements the majority of the EVP interface, to leverage the
> BCrypt crypto implementations, as well as a subset of the STORE interface,
> for integration with the Windows Certificate and Keystore(s), via the
> NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
> Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.
> Any feedback is welcome, please send it to me or open an issue on GitHub.
> Best regards,
> Reinier

More information about the openssl-users mailing list