List: openssl-dev
Subject: Re: [openssl-dev] confusion with rsa_meth_st in a custom RSA engine
From: "Dr. Stephen Henson" <steve () openssl ! org>
Date: 2017-08-29 0:18:08
Message-ID: 20170829001808.GA15690 () openssl ! org
On Mon, Aug 28, 2017, Brett R. Nicholas wrote:
> One more follow up question:
>
> > If possible you should set the public key components anyway: some operations
> > such as generating certificate requests require them to be present
>
> I'm confused what you mean here, since my engine doesn't "own" any instances of an
> RSA struct, it just has a static instance of RSA_METHOD struct defined. So
> therefore my engine never "sets" public or private key components. It just uses the
> modexp functions to write the public/private data (contained in the RSA struct
> passed as an argument from the higher level encrypt/decrypt functions) out to the
> hardware accelerator, and then return the result. So I could never "set the public
> key components anyway", as they would be set by whichever program calls
> RSA_public/private_encrypt/decrypt().
>
> Is my implementing it in this way different than how you thought I was implementing
> it? It made sense to me to do it this way, however please let me know if you think
> I'm going about it wrong, or if there are issues with this particular strategy. I
> want to make sure I'm using the engine API in the most intuitive and efficient way!
>
Ah if you're performing crypto acceleration of already existing keys then
that's fine.

In some cases an ENGINE can load a private key (typically from an HSM) and
return the EVP_PKEY structure: in that case it would initialise the RSA
structure for RSA keys. It's that case where (n, e) should be initialised
if possible.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev