[EXTERNAL] Re: bignum to evp key

Tomas Mraz tomas at openssl.org
Fri Mar 4 10:50:04 UTC 2022


Srinivas, please understand that the public and private keys in the
shared key will come from different parties. The private key is the one
you've just generated and the public key will be received in some
encoded format from the other peer.

I gave you below the methods for encoding the public key so it can be
sent to the other peer of the exchange.

When receiving the encoded public key from the other peer you'll either
use OSSL_DECODER to decode the encoded public key or create a new
domain parameters EVP_PKEY and use EVP_PKEY_set1_encoded_public_key()
to set the public key data on that key.

Tomas

On Fri, 2022-03-04 at 09:59 +0000, Srinivas, Saketh (c) wrote:
> I need to compute the shared key for DH. I have to extract public and
> private keys from evpkeypair. But the function EVP_PKEY_get_bn_param 
> extracts as a big num. I need them as evp_pkey.
> 
> 
> From: Tomas Mraz <tomas at openssl.org>
> Sent: Friday, March 4, 2022 3:24 PM
> To: Srinivas, Saketh (c) <ssrinivas at rbbn.com>
> Cc: openssl-users <openssl-users at openssl.org>
> Subject: Re: [EXTERNAL] Re: bignum to evp key 
> 
> This is for some kind of artificial example code, isn't it? Because in
> a real world application of a DH/ECDH key exchange you will always have
> a private key for the local peer and a public key for the remote peer.
> 
> To transfer the public key to the remote side you will need to somehow
> encode it. Either with an OSSL_ENCODER, or via
> EVP_PKEY_get1_encoded_public_key depending on the communication
> protocol.
> 
> When encoding the key with OSSL_ENCODER you can specify with the
> OSSL_ENCODER_CTX_new_for_pkey() via the selection parameter that you
> want to encode just the public key or the public key with domain
> parameters.
> 
> Tomas Mraz
> 
> On Fri, 2022-03-04 at 09:43 +0000, Srinivas, Saketh (c) wrote:
> > I need them to create ctx = EVP_PKEY_CTX_new(priv_key, NULL)
> > 
> > and then add the peer to ctx as EVP_PKEY_derive_set_peer(ctx, pub_key)
> > 
> > Both should be in evp_pkey format.
> > 
> > From: Tomas Mraz <tomas at openssl.org>
> > Sent: Friday, March 4, 2022 2:56 PM
> > To: Srinivas, Saketh (c) <ssrinivas at rbbn.com>;
> > openssl-users at openssl.org <openssl-users at openssl.org>
> > Subject: [EXTERNAL] Re: bignum to evp key 
> > 
> > There is no straightforward way to do that. What do you want to do with
> > the public and private EVP_PKEYs?
> > 
> > Tomas
> > 
> > On Fri, 2022-03-04 at 07:28 +0000, Srinivas, Saketh (c) wrote:
> > > Hi,
> > > 
> > > I have EvpKeyPair from GenerateEvpKeyPair(dh_p, dh_g, &pEvpKeyPair)
> > > 
> > > How can I get the public key and priv key from keypair? The below
> > > function gives them as bignums but not Evp_pkey.
> > > 
> > > EVP_PKEY_get_bn_param(pEvpKeyPair, OSSL_PKEY_PARAM_PUB_KEY, &pubKey)
> > > 
> > > I want pub key and priv keys as evp_pkey.
> > > 
> > > Thanks,
> > > Saketh.
> > 
> 

-- 
Tomáš Mráz, OpenSSL



