Re: Own HW Supported RSA provider

Hi Selva,
Thanks for your clear answer.
Regards
Tom
Subject: Re: Own HW Supported RSA provider
Date: 2024-07-20 19:08
From: "Selva Nair" <selva.nair@xxxxxxxxx>
To: 
Cc: "openssl-users@xxxxxxxxxxx" <openssl-users@xxxxxxxxxxx>; 




> 
> On Fri, Jul 19, 2024 at 4:55 PM tomasz bartczak <tbartcz@xxxxxxxxx> wrote:
> 
>> 
>> If I use the crypto library I can provide desired properties like in EVP_ASYM_CIPHER_fetch function. However when I use the ssl library, how to make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with properties required by me?
>> 
> 
> You can set a property query while creating the SSL context using SSL_CTX_new_ex(). Or set it on the libctx using EVP_set_default_properties(). 
> 
> That said, what you are trying to do may work with no need for property queries or even with "?provider=default" to prefer "default" when possible. When the private key is loaded using your provider and the key is not exportable, your provider will get called for signature operation.
> 
> See the link below for a test program on how even "?provider=default" in the signing context fetches the correct signature operation for a key in a different provider. It also has the rudiments of an external key signing provider:
> 
> https://gist.github.com/selvanair/e4fd5fec6316fe894ad0fbaac68f4355
> 
> OR
> 
> https://github.com/openssl/openssl/commit/dd292ed62cc5d3eb0c529aa51a07ec1ed34a9a5f
> 
> Selva
> 



