CNG engine on GitHub

Selva Nair selva.nair at
Fri Jul 2 13:48:21 UTC 2021


On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek <
reinier.torenbeek at> wrote:

> Hi,
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
> may want to check out this new OpenSSL CNG Engine project on GitHub:
> . The associated
> User's Manual is on ReadTheDocs:
> .
> The project implements the majority of the EVP interface, to leverage the
> BCrypt crypto implementations, as well as a subset of the STORE interface,
> for integration with the Windows Certificate and Keystore(s), via the
> NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
> Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.
> Any feedback is welcome, please send it to me or open an issue on GitHub.

This is great, but limiting RSA signature to  RSA-PKCS#1 v 1.5 is a major
limitation. It doesn't have to be that way as the OpenSSL engine interface
does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list