OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

Benjamin Kaduk bkaduk at
Mon Mar 8 02:37:14 UTC 2021

Hi Stephen :)

The API you'll want to use is EVP_PKEY_fromdata(); there's
a stubbed out example of using it to make an EVP_PKEY with
EC group parameters at
but the translation to also specify OSSL_PKEY_PARAM_PRIV_KEY
(and possibly OSSL_PKEY_PARAM_PUB_KEY; I forget if you need
to pass both) should be fairly straightforward.

Let us know if you run into trouble with that route.


On Mon, Mar 08, 2021 at 02:23:36AM +0000, Stephen Farrell wrote:
> Hiya,
> My question: how does one setup an EVP_PKEY for a NIST
> curve (e.g. p256) key pair when one has the private key
> in an octet string using the latest OpenSSL 3.0.0 high
> level APIs?
> I'm trying to get rid of deprecation warnings from my
> code for HPKE [1] when dealing with NIST curves using
> the new (I guess?) OSSL_PARAM_* approach. I'm failing
> at the moment;-)
> So, given an octet string from a set of test vectors
> (e.g. [2]) what's the proper way to setup an EVP_PKEY
> for that to allow one to validate the test vectors?
> Happy to try produce a stand-alone example for this
> in the next few days if one doesn't exist (I've not
> found one so far).
> Thanks,
> Stephen.
> [1]
> [2]

pub   RSA 4096/7B172BEA 2017-12-22 Stephen Farrell (2017) <stephen.farrell at>
> sub   RSA 4096/36CB8BB6 2017-12-22

More information about the openssl-users mailing list