Reputation: 1387
Up until now I did the following:
    /* needs <stdio.h>, <stdlib.h>, <openssl/rsa.h> and <openssl/evp.h> */
    RSA *rsa = NULL;
    EVP_PKEY *pk = NULL;

    rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL);
    if (rsa == NULL) {
        fprintf(stderr, "Could not generate keypair\r\n");
        return EXIT_FAILURE;
    }
    if ((pk = EVP_PKEY_new()) == NULL) {
        fprintf(stderr, "Could not instantiate new evp key storage\r\n");
        return EXIT_FAILURE;
    }
    /* on success pk takes ownership of rsa, so rsa must not be freed separately */
    if (!EVP_PKEY_assign_RSA(pk, rsa)) {
        fprintf(stderr, "Could not assign keypair to evp key storage\r\n");
        return EXIT_FAILURE;
    }
However, now I want to be able to use my custom OpenSSL engine. Can you tell me how this is done?
Upvotes: 1
Views: 1380
Reputation: 747
You have to load the engine first. I think the best way is loading it dynamically (otherwise you would be required to compile it together with openssl):
    /* needs <openssl/engine.h> and <openssl/evp.h> */
    ENGINE *your_engine = NULL;
    EVP_PKEY *pk = NULL;

    ENGINE_load_dynamic();
    your_engine = ENGINE_by_id("dynamic");
    if (your_engine == NULL)
    {
        // your error handler
    }
    ...
    // path to your engine here (*.so or *.dll)
    if (!ENGINE_ctrl_cmd_string(your_engine, "SO_PATH", "/path/to/your_engine.so", 0))
    {
        // your error handler
    }
    if (!ENGINE_ctrl_cmd_string(your_engine, "LIST_ADD", "1", 0))
    {
        // your error handler
    }
    if (!ENGINE_ctrl_cmd_string(your_engine, "LOAD", NULL, 0))
    {
        // your error handler
    }
    if (!ENGINE_init(your_engine))
    {
        // your error handler
    }
    // You can load your private keys this way. The second argument is the key id your
    // engine understands; a passphrase, if needed, goes through the UI_METHOD/callback_data arguments.
    if (!(pk = ENGINE_load_private_key(your_engine, "key id for your engine", NULL, NULL)))
    {
        // your error handler
    }
    // You need to tell OpenSSL that you want to use your engine; for RSA, for example, you may do it like this:
    ENGINE_set_default_RSA(your_engine);
    ...
To generate keys, however, I don't know if it is possible by using only the OpenSSL native interface. For my project I've created a custom command. So, in the ENGINE_CMD_DEFN inside the engine, I've added the following:
    static const ENGINE_CMD_DEFN md_defns[] = {
        ...
        {CMD_GEN_KEYPAIR, "CMD_GEN_KEYPAIR", "Used to generate a key pair", ENGINE_CMD_FLAG_STRING},
        ...
        /* the array must end with a {0, NULL, NULL, 0} terminator */
    };
You then have to handle this command inside your overloaded ctrl function (the one you've set using ENGINE_set_ctrl_function(...)). You probably already have a switch case there, so just add another case.
To call this command from your application, use ENGINE_ctrl_cmd(your_engine, "CMD_GEN_KEYPAIR", 1, (void *)(&additionalInfo), NULL, 0), putting in additionalInfo enough information for you to generate your key. In my case, I've created a hook-like C struct that both my application and my engine know about, so that my engine can blindly cast it to the correct type.
After generating your key, load it with ENGINE_load_private_key.
I don't know if this is the "best" way, but it was suitable for my needs.
Upvotes: 3