Hiya, On 08/03/2021 02:37, Benjamin Kaduk wrote:
Hi Stephen :) The API you'll want to use is EVP_PKEY_fromdata(); there's a stubbed out example of using it to make an EVP_PKEY with EC group parameters at https://github.com/openssl/openssl/issues/14258#issuecomment-783351031 but the translation to also specify OSSL_PKEY_PARAM_PRIV_KEY (and possibly OSSL_PKEY_PARAM_PUB_KEY; I forget if you need to pass both) should be fairly straightforward.
Thanks for that! I worked around a few things and still need to tidy-up but got things working that way without any more deprecation warnings.
Let us know if you run into trouble with that route.
One outstanding issue is that I still need different code paths for NIST curves vs. 25519 & 448 - is that just me (quite likely:-) or should these new APIs hide differences between those different curves? Thanks again, S.
-Ben On Mon, Mar 08, 2021 at 02:23:36AM +0000, Stephen Farrell wrote:Hiya, My question: how does one setup an EVP_PKEY for a NIST curve (e.g. p256) key pair when one has the private key in an octet string using the latest OpenSSL 3.0.0 high level APIs? I'm trying to get rid of deprecation warnings from my code for HPKE [1] when dealing with NIST curves using the new (I guess?) OSSL_PARAM_* approach. I'm failing at the moment;-) So, given an octet string from a set of test vectors (e.g. [2]) what's the proper way to setup an EVP_PKEY for that to allow one to validate the test vectors? Happy to try produce a stand-alone example for this in the next few days if one doesn't exist (I've not found one so far). Thanks, Stephen. [1] https://github.com/sftcd/happykey/blob/7d52d34c516ab58ca1433004ff82b2a6a82eea4c/hpke.c#L1263 [2] https://github.com/cfrg/draft-irtf-cfrg-hpkepub RSA 4096/7B172BEA 2017-12-22 Stephen Farrell (2017) <stephen.farrell@xxxxxxxxx>sub RSA 4096/36CB8BB6 2017-12-22
Attachment:
OpenPGP_0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
