openssl asym_cipher/signature provider

Thulasi Goriparthi
Hello,

Is it acceptable for an openssl provider to implement an algorithm (rsaEncryption) as asym_cipher or signature algorithm without implementing corresponding keymgmt or redirecting the same to the 'default' provider?

I ask, as our engine implementation handles key import dynamically at the time of offloading a crypto operation, using ex_data of key objects. I want to quickly upgrade this to a provider to convince myself that the basic upgrade from engine to provider isn't time consuming.

Thanks,
Thulasi.

Re: openssl asym_cipher/signature provider

Matt Caswell-2


On 14/12/2020 16:04, Thulasi Goriparthi wrote:

> Hello,
>
> Is it acceptable for an openssl provider to implement an algorithm
> (rsaEncryption) as asym_cipher or signature algorithm without
> implementing corresponding keymgmt or redirecting the same to the
> 'default' provider?
>
> I ask, as our engine implementation handles key import dynamically at
> the time of offloading a crypto operation, using ex_data of key objects. I
> want to quickly upgrade this to a provider to convince myself that the
> basic upgrade from engine to provider isn't time consuming.

One of the main purposes of the key manager is to import the key into
the provider into a form that it can use internally. The
asym_cipher/signature implementations just use references to keys
created by the key manager.

So unfortunately it is necessary to have a key manager in order for a
provider to have a usable asym_cipher or signature implementation.

Note: it does not have to be a fully featured key manager, e.g. it does
not need to implement key generation. It would be perfectly possible to
have key generation done in some other key manager and then subsequently
import it into the target key manager.

Matt