Store Mgmt and keys loading ( keyform ENG )

Antonio Santagiuliana santantonioswap at gmail.com
Mon Oct 4 12:38:09 UTC 2021


Forgot to write, I am using OpenSSL 3.0.

Thank you

On Mon, 4 Oct 2021, 12:12 Antonio Santagiuliana, <santantonioswap at gmail.com>
wrote:

> Hello,
> I am doing my own provider starting from the default provider's code.
> I have now a question, I am seeing the STOREMGMT operation is required to
> interpret the URI of input private key. I would like that the string
> passed by the user for input key is not interpreted as a file to open but just
> my provider should save the string value to be used later. This is when
> invoking command options such as dgst sign -in "text" -keyform ENG.
> With engines' architecture this is possible by passing option -keyform ENG
> to dgst command. The string in that case is not interpreted as a file path
> and just passed through.
> There was engine_set_load_privkey_function that was getting this string.
> How can I achieve this now with the provider architecture? If I pass
> -keyform ENG to dgst command together with --provider, it says "no engine
> specified to load private key". Should I use OSSL_FUNC_store_load_fn and
> OSSL_FUNC_store_open_fn?
> Also, at low level I am using RSA_FLAG_EXT_PKEY flag set as I don't have a
> real private key info to load and use from a Filesystem.
> Is there anything to set in the KEYMGMT too ? I can see there is a flag
> OSSL_KEYMGMT_SELECT_PRIVATE_KEY indicating the private key data in a key
> object should be considered. Not really sure if this is something I should
> set or not and how this keymgmt operation relates with storemgmt operation.
>
> Thank you if you can send some comment on this.
>
>