On Fri, Jun 26, 2015, Reinier Torenbeek wrote: > > The mechanism for implementing ECDSA in my own engine is unclear to me. > Unfortunately, none of the example engines implement ECDSA so it is hard > for me to find answers. > > Invoking ENGINE_set_ECDSA() does not seem to be sufficient: my setup, > sign and verify methods never get invoked. > There are two separate ways you can implement a public key algorithm in an ENGINE. The first is a default method which is then used for every single operation. This is most suited to cryptographic accelerators. The second is a key specific method which is utilised for some (and maybe not all) operations on one key. This would be most suited for a smart card for example where signing might be performed by the card but verification performed by OpenSSL itself. The second form isn't well supported for ECDSA at present though you can sort of get that functionality using the first technique. That will be fixed at some point most likely in the master branch for OpenSSL 1.1.0. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
