Hello Steve, Thank you for the response. The ECDSA_set_default_method() indeed sets up the functionality as you describe below and that seems to be good enough for me (for now...). Best regards, Reinier On 6/26/15 4:25 PM, Dr. Stephen Henson wrote: > On Fri, Jun 26, 2015, Reinier Torenbeek wrote: > >> The mechanism for implementing ECDSA in my own engine is unclear to me. >> Unfortunately, none of the example engines implement ECDSA so it is hard >> for me to find answers. >> >> Invoking ENGINE_set_ECDSA() does not seem to be sufficient: my setup, >> sign and verify methods never get invoked. >> > There are two separate ways you can implement a public key algorithm in an > ENGINE. > > The first is a default method which is then used for every single operation. > This is most suited to cryptographic accelerators. > > The second is a key specific method which is utilised for some (and maybe not > all) operations on one key. This would be most suited for a smart card for > example where signing might be performed by the card but verification > performed by OpenSSL itself. > > The second form isn't well supported for ECDSA at present though you can sort > of get that functionality using the first technique. That will be fixed > at some point most likely in the master branch for OpenSSL 1.1.0. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
