On Thu, Nov 20, 2014, Salz, Rich wrote:

> > If I want to use my own algorithm instead of RSA or SHA1 in the digital
> > certificates, is it possible?
> > If yes, then how?
> 
> I thought I answered this.  It is hard work, it is not documented, you're on 
> your own.

I agree with the "hard work" opinion ;-)

This can be done and one ENGINE for gost does in fact implement new public key
algorithms which aren't part of OpenSSL.

In outline you do something like this...

1. Write ASN.1 modules for public key and private key formats and (if
relevant) parameters. Write translation functions to convert from ASN.1 to
and from EVP_PKEY structures. Optionally include printing functions. Make
an EVP_PKEY_ASN1_METHOD based on these.

2. Write cryptographic functions to generate parameters (if required), private
keys, sign and verify. Adding appropriate controls and string based controls
will make the algorithm usable from the openssl utility. Wrap the lot in an
EVP_PKEY_METHOD.

3. Place the two methods in an ENGINE so it loads and registers them.

4. Test extensively using the pkey, pkeyutl, genpkey and pkeyparam utilities.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
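Step 4 of the outline above, written out as a repeatable smoke test; this is an added example, not part of the original post. The built-in EC algorithm stands in for a custom one, and ENGINE_OPT is an assumption: set it to "-engine <id>" to run the same cycle against an ENGINE that registers its own EVP_PKEY_METHOD and EVP_PKEY_ASN1_METHOD.

```shell
#!/bin/sh
# Added example (not from the original post): exercises genpkey, pkeyparam,
# pkey and pkeyutl end to end, including a negative verification check.
# The built-in EC algorithm stands in for a custom one; ENGINE_OPT is an
# assumption, e.g. ENGINE_OPT="-engine myengine" for a hypothetical ENGINE.
set -eu
ENGINE_OPT="${ENGINE_OPT:-}"
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Returns 0 when parameter generation, key generation, key export, signing
# and verification all work and a tampered digest is rejected; 1 otherwise.
pkey_smoke_test() {
    # genpkey: algorithm parameters, then a private key from those parameters
    openssl genpkey $ENGINE_OPT -genparam -algorithm EC \
        -pkeyopt ec_paramgen_curve:P-256 -out "$WORK/params.pem" || return 1
    openssl genpkey $ENGINE_OPT -paramfile "$WORK/params.pem" \
        -out "$WORK/key.pem" || return 1
    # pkeyparam and pkey: the ASN.1 method must parse and print both forms
    openssl pkeyparam -in "$WORK/params.pem" -text -noout >/dev/null || return 1
    openssl pkey -in "$WORK/key.pem" -text -noout >/dev/null || return 1
    # pkey: extract the public key (exercises the public key encoder)
    openssl pkey -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem" || return 1

    # pkeyutl: sign the digest of a constructed message, verify with the public key
    printf 'constructed test message' > "$WORK/msg.txt"
    openssl dgst -sha256 -binary "$WORK/msg.txt" > "$WORK/digest.bin"
    openssl pkeyutl $ENGINE_OPT -sign -inkey "$WORK/key.pem" \
        -in "$WORK/digest.bin" -out "$WORK/sig.bin" || return 1
    openssl pkeyutl $ENGINE_OPT -verify -pubin -inkey "$WORK/pub.pem" \
        -in "$WORK/digest.bin" -sigfile "$WORK/sig.bin" >/dev/null || return 1

    # Negative check: the same signature must NOT verify over a different digest
    printf 'constructed test message, altered' > "$WORK/msg2.txt"
    openssl dgst -sha256 -binary "$WORK/msg2.txt" > "$WORK/digest2.bin"
    if openssl pkeyutl $ENGINE_OPT -verify -pubin -inkey "$WORK/pub.pem" \
        -in "$WORK/digest2.bin" -sigfile "$WORK/sig.bin" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

pkey_smoke_test && echo "pkey smoke test passed"
```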