Openssl 3.0.0. EVP_PKEY_CTX vs EVP_PKEY

Tomas Mraz tomas at
Tue Sep 14 15:40:51 UTC 2021

On Tue, 2021-09-14 at 11:11 -0400, Ken Goldman wrote:
> Conceptually, how are these different?
> When do I use one vs the other?

The EVP_PKEY is an object holding data (well, rather a reference, but
that is fairly irrelevant) of a private key, public key, or domain
parameters for asymetric crypto keys.

The EVP_PKEY_CTX is an operation context - that is a context to make
some operations with an EVP_PKEY such as signing/verification,
encryption/decryption, key generation (starting with domain parameters
EVP_PKEY), key checking.

> Where would I learn this?

I suppose in the manual pages - I'd start with EVP_PKEY_new and
EVP_PKEY_CTX_new man pages. Yeah, the discoverability is not that good
I suppose. And there is no good high level overview.

Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your

More information about the openssl-users mailing list