Re: Checking if a key can sign / verify in 3.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 19/08/2020 02:01, Norm Green wrote:
> In 3.0 I see this new function in evp.h :
> 
> int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
> 
> Is there an equivalent way to check if a key can verify? I'm not seeing
> an obvious way to do that.  Previously I used
> EVP_PKEY_meth_get_verifyctx() but that call is now deprecated in 3.0.

That function checks whether the algorithm used by the key is capable of
doing signature operations. It does *not* check whether the key itself
has all the required components in order to perform the signature (nor
whether there are any available provider implementations that implement it).

>From the docs:

"EVP_PKEY_can_sign() checks if the functionality for the key type of
I<pkey> supports signing.  No other check is done, such as whether
I<pkey> contains a private key."

Since there's not much point in having an algorithm that can create
signatures, which can't also verify them, then the two operations are
equivalent, i.e. if we had a function called `EVP_PKEY_can_verify()` it
would be synonymous with `EVP_PKEY_can_sign()`.

Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux