Matching keys between providers

Hi OpenSSL users and its glorious developers,

Thank you very much for OpenSSL 3!

My question is about writing a provider. I decided to start from a Windows certificate storage provider. It already works with the "openssl storeutl" command, but I can't make it work with "openssl ca".

When openssl expects a certificate, I return an encoded certificate directly. OpenSSL parses it and the public key belongs to the "OpenSSL RSA" provider. I can't give private keys from Windows cert. storage and return something virtual from my key management provider.

At the next step, openssl.exe does matching and compares key types: the public key's type is "OpenSSL RSA" and the private key's type is "MYPKEY". It is done in evp_keymgmt_util_match.
I was hoping OSSL_FUNC_KEYMGMT_MATCH would be called for both providers, but it only compares strings and says the types are different. If I declare that my key management also handles RSA in OSSL_ALGORITHM as "MYPKEY:RSA", the OpenSSL tool gives an error that RSA has an existing different identity.

I'm exploring the source, but I'm stuck. Is it the wrong approach, or have I missed something?

--
Best Regards
Alex Dankow

