On 9/14/2021 11:40 AM, Tomas Mraz wrote:
On Tue, 2021-09-14 at 11:11 -0400, Ken Goldman wrote:
Conceptually, how are these different?
When do I use one vs the other?
The EVP_PKEY is an object holding data (well, rather a reference, but
that is fairly irrelevant) of a private key, public key, or domain
parameters for asymmetric crypto keys.
The EVP_PKEY_CTX is an operation context - that is a context to make
some operations with an EVP_PKEY such as signing/verification,
encryption/decryption, key generation (starting with domain parameters
EVP_PKEY), key checking.
Where would I learn this?
I suppose in the manual pages - I'd start with EVP_PKEY_new and
EVP_PKEY_CTX_new man pages. Yeah, the discoverability is not that good
I suppose. And there is no good high level overview.
In other words, the EVP_PKEY holds the public key. When I want to use
it to encrypt / verify, I create a temporary EVP_PKEY_CTX? Is that it?
Do I also use a ctx to initialize the key?
Perhaps, to make the EVP_PKEY from n and e:
OSSL_PARAM_BLD_push_BN() for n and e parameters
EVP_PKEY_CTX_new_from_name the RSA
EVP_PKEY_fromdata using the parameters