Matching keys between providers
Alex Dankow
alex.dankow at gmail.com
Sat Oct 23 04:04:39 UTC 2021
Hi OpenSSL users and its glorious developers,
Thank you very much for OpenSSL 3!
My question is about writing a provider. I decided to start from a Windows
certificate storage provider. It already works with the "openssl storeutl"
command, but I can't make it work with "openssl ca".

When openssl expects a certificate, I return an encoded certificate
directly. OpenSSL parses it and the public key belongs to the "OpenSSL RSA"
provider. I can't give private keys from Windows cert storage and return
something virtual from my key management provider.

At the next step, openssl.exe does matching and compares key types: the public
key's type is "OpenSSL RSA" and the private key's type is "MYPKEY". It is
done in evp_keymgmt_util_match.

I was hoping OSSL_FUNC_KEYMGMT_MATCH would be called for both providers,
but it only compares strings and says the types are different. If I declare
that my key management also handles RSA in OSSL_ALGORITHM as "MYPKEY:RSA",
the OpenSSL tool gives an error that RSA has an existing different identity.

I'm exploring the source, but I'm stuck. Is it the wrong approach, or did I
miss something?
--
Best Regards
Alex Dankow