OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string
Benjamin Kaduk
bkaduk at akamai.com
Tue Mar 9 03:09:51 UTC 2021
On Tue, Mar 09, 2021 at 02:44:20AM +0000, Stephen Farrell wrote:
>
> Hiya,
>
> On 08/03/2021 02:37, Benjamin Kaduk wrote:
> > Hi Stephen :)
> >
> > The API you'll want to use is EVP_PKEY_fromdata(); there's
> > a stubbed out example of using it to make an EVP_PKEY with
> > EC group parameters at
> > https://github.com/openssl/openssl/issues/14258#issuecomment-783351031
> > but the translation to also specify OSSL_PKEY_PARAM_PRIV_KEY
> > (and possibly OSSL_PKEY_PARAM_PUB_KEY; I forget if you need
> > to pass both) should be fairly straightforward.
>
> Thanks for that! I worked around a few things and still need
> to tidy-up but got things working that way without any more
> deprecation warnings.
>
> >
> > Let us know if you run into trouble with that route.
>
> One outstanding issue is that I still need different code
> paths for NIST curves vs. 25519 & 448 - is that just me
> (quite likely:-) or should these new APIs hide differences
> between those different curves?
I would have expected that the API should hide the differences
other than the group name ... but these APIs are still pretty
new to me, too. If you can point me at your code I might have
more to say.
-Ben
More information about the openssl-users
mailing list