SSL and "custom" EVP_KEY

Alex Dankow alex.dankow at gmail.com
Fri Oct 29 13:32:34 UTC 2021


Hi OpenSSL team!

I wrote a provider for Windows certificates and implemented "openssl ca".
Now, I think it would be fun to see a HTTPS server using certificates
installed in Windows storage.

Certificate is loaded using load_cert_pass (taken from apps.c) with custom
uri "wincert://11:22:33....",  private key is loaded with load_key from
apps.c too. It works, but ...
When I use  SSL_CTX_use_PrivateKey(ctx, myprivk)  the key is declined.
OpenSSL compares strings and expects "rsaEncryption", and so on instead of
"MYKEY". Why ?
Maybe I'm missing something, but if you built a key management system, sign
interface, ciphers that allows key virtualization, why not go further ? I'm
ready to implement the encryption interface, but why OpenSSL still care
about key type name. In the new era of version 3, it can check if the key
provides necessary interfaces.

--
Alex Dankow
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211029/b08dc00f/attachment.html>


More information about the openssl-users mailing list