Openssl 3.0.0. EVP_PKEY_CTX vs EVP_PKEY

Ken Goldman kgoldman at
Tue Sep 14 18:42:03 UTC 2021

On 9/14/2021 11:40 AM, Tomas Mraz wrote:
> On Tue, 2021-09-14 at 11:11 -0400, Ken Goldman wrote:
>> Conceptually, how are these different?
>> When do I use one vs the other?
> The EVP_PKEY is an object holding data (well, rather a reference, but
> that is fairly irrelevant) of a private key, public key, or domain
> parameters for asymetric crypto keys.
> The EVP_PKEY_CTX is an operation context - that is a context to make
> some operations with an EVP_PKEY such as signing/verification,
> encryption/decryption, key generation (starting with domain parameters
> EVP_PKEY), key checking.
>> Where would I learn this?
> I suppose in the manual pages - I'd start with EVP_PKEY_new and
> EVP_PKEY_CTX_new man pages. Yeah, the discoverability is not that good
> I suppose. And there is no good high level overview.

In other words, the EVP_PKEY holds the public key.  When I want to use
it to encrypt / verify, I create a temporary EVP_PKEY_CTX?  Is that it?
Do I also use a ctx to initialize the key?

Perhaps, to make the EVP_PKEY from n and e.:

OSSL_PARAM_BLD_push_BN() for n and e parameters
EVP_PKEY_CTX_new_from_name the RSA
EVP_PKEY_fromdata using the parameters

More information about the openssl-users mailing list