On 14/12/2020 16:04, Thulasi Goriparthi wrote: > Hello, > > Is it acceptable for an openssl provider to implement an algorithm > (rsaEncryption) as asym_cipher or signature algorithm without > implementing corresponding keymgmt or redirecting the same to the > 'default' provider? > > I ask, as our engine implementation handles key import dynamically at > time of offloading crypto operation, using ex_data of key objects. I > want to quickly upgrade this to a provider to convince myself that the > basic upgrade from engine to provider isn't time consuming. One of the main purposes of the key manager is to import the key into the provider into a form that it can use internally. The asym_cipher/signature implementations just use references to keys created by the key manager. So unfortunately it is necessary to have a key manager in order for a provider to have a usable asym_cipher or signature implementation. Note: it does not have to be a fully featured key manager, e.g. it does not need to implement key generation. It would be perfectly possible to have key generation done in some other key manager and then subsequently import it into the target key manager. Matt
