Re: Engine with ed25519/ed448 support

Hi!

First, it's worth implementing a provider instead of an engine if you want to use OpenSSL 3.0+ because engines are deprecated.
But if you still insist on the engine implementation, you'd have to implement EVP_PKEY_METHOD and EVP_ASN1_METHOD in your engine.

Hope this helps.

On Thu, Dec 9, 2021 at 9:36 AM Bengt Warnemyr <bengt.warnemyr@xxxxxxxxx> wrote:
Hi OpenSSL team.

I did subscribe to openssl-users on December 2 or 3 but haven't got
any response.
Sending my question again to this address.

I'm developing an engine using an hsm for key storage and the
cryptographic operations when setting up a tls session with libssl.
I have it working for RSA and EC keys by implementing
  ENGINE_set_load_pubkey_function(e, my_load_pub_key_function)
  ENGINE_set_load_privkey_function(e, my_load_priv_key_function)
  ENGINE_set_pkey_meths(e, my_pmeths_function)

When my engine instantiates an EVP_PKEY the public part of RSA/EC_KEY
is set with data from the hsm
and gives it my RSA_METHOD/EC_KEY_METHOD.
Then I use RSA_set_ex_data/EC_KEY_set_ex_data to store information
about the hsm key to use.

However ECX_KEY isn't public nor does it have any METHOD or ex data.

My question is how to support ed25519/ed448 keys?

/Bengt


--
SY, Dmitry Belyavsky
