On Mon, 21 Dec 2015 21:29:03 -0800 Stephen Kou <s.kou at outlook.com> wrote: > OpenSSL has the higher-level EVP_PKEY_* functions which work > abstracts the public key cryptography algorithms. However, sometimes > a EVP_PKEY* only has a public key. How could I check if a given > EVP_PKEY* contains a private key? I could use EVP_PKEY_decrypt_init > and see if it returns an error, but that seems to be quite > heavy-handed for what seems to be a simple check. The other option > is to go through the EVP_PKEY_get0_* functions and investigate the > underlying mechanism directly (e.g. EVP_PKEY_get0_RSA and checking > the RSA*'s private exponent is NULL), but that is also clumsy as I'll > have to write code for every possible algorithm. You cannot use EVP_PKEY_decrypt_init if you want code, which works for for every possible algorithm, because every possible public key algorithm doesn't required to support encrypt/decrypt operation. For instance, DSA supports only sign/verify, DH - derive, EC_KEY - both of them, but not encrypt/decrypt.
