OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

Stephen Farrell stephen.farrell at
Tue Mar 9 02:44:20 UTC 2021


On 08/03/2021 02:37, Benjamin Kaduk wrote:
> Hi Stephen :)
> The API you'll want to use is EVP_PKEY_fromdata(); there's
> a stubbed out example of using it to make an EVP_PKEY with
> EC group parameters at
> but the translation to also specify OSSL_PKEY_PARAM_PRIV_KEY
> (and possibly OSSL_PKEY_PARAM_PUB_KEY; I forget if you need
> to pass both) should be fairly straightforward.

Thanks for that! I worked around a few things and still need
to tidy-up but got things working that way without any more
deprecation warnings.

> Let us know if you run into trouble with that route.

One outstanding issue is that I still need different code
paths for NIST curves vs. 25519 & 448 - is that just me
(quite likely:-) or should these new APIs hide differences
between those different curves?

Thanks again,

> -Ben
> On Mon, Mar 08, 2021 at 02:23:36AM +0000, Stephen Farrell wrote:
>> Hiya,
>> My question: how does one setup an EVP_PKEY for a NIST
>> curve (e.g. p256) key pair when one has the private key
>> in an octet string using the latest OpenSSL 3.0.0 high
>> level APIs?
>> I'm trying to get rid of deprecation warnings from my
>> code for HPKE [1] when dealing with NIST curves using
>> the new (I guess?) OSSL_PARAM_* approach. I'm failing
>> at the moment;-)
>> So, given an octet string from a set of test vectors
>> (e.g. [2]) what's the proper way to setup an EVP_PKEY
>> for that to allow one to validate the test vectors?
>> Happy to try produce a stand-alone example for this
>> in the next few days if one doesn't exist (I've not
>> found one so far).
>> Thanks,
>> Stephen.
>> [1]
>> [2]
> pub   RSA 4096/7B172BEA 2017-12-22 Stephen Farrell (2017) <stephen.farrell at>
>> sub   RSA 4096/36CB8BB6 2017-12-22
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x5AB2FAF17B172BEA.asc
Type: application/pgp-keys
Size: 10689 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openssl-users mailing list