CNG engine on GitHub

Reinier Torenbeek reinier.torenbeek at gmail.com
Fri Jul 2 15:18:05 UTC 2021


Hi Selva,

On Fri, Jul 2, 2021 at 10:49 AM Selva Nair <selva.nair at gmail.com> wrote:

> Hi,
>
> On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek <
> reinier.torenbeek at gmail.com> wrote:
>
>> Hi,
>>
>> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
>> may want to check out this new OpenSSL CNG Engine project on GitHub:
>> https://github.com/rticommunity/openssl-cng-engine . The associated
>> User's Manual is on ReadTheDocs:
>> https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
>>
>> The project implements the majority of the EVP interface, to leverage the
>> BCrypt crypto implementations, as well as a subset of the STORE interface,
>> for integration with the Windows Certificate and Keystore(s), via the
>> NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
>> Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.
>>
>> Any feedback is welcome, please send it to me or open an issue on GitHub.
>>
>
> This is great, but limiting RSA signature to RSA-PKCS#1 v 1.5 is a major
> limitation. It doesn't have to be that way as the OpenSSL engine interface
> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.
>

Yes, I agree the lack of support for RSA-PSS is significant. There is a
discussion (which includes you, I see) around the root cause of that here:
https://github.com/openssl/openssl/issues/7341 , among other places.

It is not clear to me what you mean by "the OpenSSL engine interface does
allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.". Can
you elaborate (here or on the GitHub issue)?

Thanks,
Reinier


> Selva
>
>>