Hi, On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek < reinier.torenb...@gmail.com> wrote:
> Hi, > > For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you > may want to check out this new OpenSSL CNG Engine project on GitHub: > https://github.com/rticommunity/openssl-cng-engine . The associated > User's Manual is on ReadTheDocs: > https://openssl-cng-engine.readthedocs.io/en/latest/index.html . > > The project implements the majority of the EVP interface, to leverage the > BCrypt crypto implementations, as well as a subset of the STORE interface, > for integration with the Windows Certificate and Keystore(s), via the > NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with > Visual Studio 2017 and 2019. It is released under the Apache-2.0 license. > > Any feedback is welcome, please send it to me or open an issue on GitHub. > This is great, but limiting RSA signature to RSA-PKCS#1 v 1.5 is a major limitation. It doesn't have to be that way as the OpenSSL engine interface does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc. Selva >