OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string
Benjamin Kaduk
bkaduk at akamai.com
Mon Mar 8 02:37:14 UTC 2021
Hi Stephen :)
The API you'll want to use is EVP_PKEY_fromdata(); there's
a stubbed out example of using it to make an EVP_PKEY with
EC group parameters at
https://github.com/openssl/openssl/issues/14258#issuecomment-783351031
but the translation to also specify OSSL_PKEY_PARAM_PRIV_KEY
(and possibly OSSL_PKEY_PARAM_PUB_KEY; I forget if you need
to pass both) should be fairly straightforward.
Let us know if you run into trouble with that route.
-Ben
On Mon, Mar 08, 2021 at 02:23:36AM +0000, Stephen Farrell wrote:
>
> Hiya,
>
> My question: how does one setup an EVP_PKEY for a NIST
> curve (e.g. p256) key pair when one has the private key
> in an octet string using the latest OpenSSL 3.0.0 high
> level APIs?
>
> I'm trying to get rid of deprecation warnings from my
> code for HPKE [1] when dealing with NIST curves using
> the new (I guess?) OSSL_PARAM_* approach. I'm failing
> at the moment;-)
>
> So, given an octet string from a set of test vectors
> (e.g. [2]) what's the proper way to setup an EVP_PKEY
> for that to allow one to validate the test vectors?
>
> Happy to try produce a stand-alone example for this
> in the next few days if one doesn't exist (I've not
> found one so far).
>
> Thanks,
> Stephen.
>
> [1] https://github.com/sftcd/happykey/blob/7d52d34c516ab58ca1433004ff82b2a6a82eea4c/hpke.c#L1263
> [2] https://github.com/cfrg/draft-irtf-cfrg-hpke
pub RSA 4096/7B172BEA 2017-12-22 Stephen Farrell (2017) <stephen.farrell at cs.tcd.ie>
> sub RSA 4096/36CB8BB6 2017-12-22
>
More information about the openssl-users
mailing list