CNG engine on GitHub
reinier.torenbeek at gmail.com
Fri Jul 2 15:18:05 UTC 2021
On Fri, Jul 2, 2021 at 10:49 AM Selva Nair <selva.nair at gmail.com> wrote:
> On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek <
> reinier.torenbeek at gmail.com> wrote:
>> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
>> may want to check out this new OpenSSL CNG Engine project on GitHub:
>> https://github.com/rticommunity/openssl-cng-engine . The associated
>> User's Manual is on ReadTheDocs:
>> https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
>> The project implements the majority of the EVP interface, to leverage the
>> BCrypt crypto implementations, as well as a subset of the STORE interface,
>> for integration with the Windows Certificate and Keystore(s), via the
>> NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
>> Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.
>> Any feedback is welcome, please send it to me or open an issue on GitHub.
> This is great, but limiting RSA signature to RSA-PKCS#1 v 1.5 is a major
> limitation. It doesn't have to be that way as the OpenSSL engine interface
> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.
Yes I agree the lack of support for RSA-PSS is significant. There is a
discussion (which includes you, I see ) around the root cause of that here:
https://github.com/openssl/openssl/issues/7341 , among other places.
It is not clear to me what you mean with "the OpenSSL engine interface does
allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.". Can
you elaborate (here or on the GitHub issue)?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users