On Tue, 2021-09-14 at 14:42 -0400, Ken Goldman wrote:
> On 9/14/2021 11:40 AM, Tomas Mraz wrote:
> > On Tue, 2021-09-14 at 11:11 -0400, Ken Goldman wrote:
> > > Conceptually, how are these different?
> > >
> > > When do I use one vs the other?
> >
> > The EVP_PKEY is an object holding data (well, rather a reference, but
> > that is fairly irrelevant) of a private key, public key, or domain
> > parameters for asymmetric crypto keys.
> >
> > The EVP_PKEY_CTX is an operation context - that is a context to make
> > some operations with an EVP_PKEY such as signing/verification,
> > encryption/decryption, key generation (starting with domain parameters
> > EVP_PKEY), key checking.
> >
> > > Where would I learn this?
> >
> > I suppose in the manual pages - I'd start with EVP_PKEY_new and
> > EVP_PKEY_CTX_new man pages. Yeah, the discoverability is not that good
> > I suppose. And there is no good high level overview.
>
> In other words, the EVP_PKEY holds the public key. When I want to use
> it to encrypt / verify, I create a temporary EVP_PKEY_CTX? Is that it?
> Do I also use a ctx to initialize the key?
>
> Perhaps, to make the EVP_PKEY from n and e:
>
> OSSL_PARAM_BLD_push_BN() for n and e parameters
> EVP_PKEY_CTX_new_from_name the RSA
> EVP_PKEY_fromdata using the parameters

Yes, you've got this right. There are some cases where you do not need
an EVP_PKEY_CTX to get an EVP_PKEY - such as using decoders to decode a
key from a file.

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]