Jeff Roberts wrote:
>
> Has anyone out there used the WIN32 OpenSSL toolkit in conjunction with the
>Microsoft Cryptography API ?
>
> By doing this you avoid any copyright problems from RSA because Microsoft has
>licensed the RSA code and placed in the Windows 95/98 and Windows NT operating
>systems.
>
> Does anyone know how complicated it is to remove the encryption algorithms in the
>OpenSSL toolkit and hook in the Microsoft Cryptography API to perform the encryption ?
>
This gets asked from time to time...
It is pretty difficult because licensing issues mean MS hasn't actually
exposed the raw RSA routines: you can't for example encrypt and decrypt
arbitrary data using RSA and CryptoAPI. This means it isn't a case of
simply replacing the OpenSSL RSA routines with CryptoAPI, you'd also
need to replace digests and symmetric algorithms.
There is not AFAIK any way to handle the specialised pre-master secret
RSA encryption and decryption that is needed for SSL using CryptoAPI.
This means you couldn't use CryptoAPI RSA for SSL.
You can use it for SSL client authentication though.
So in conclusion, yes you could do it and it would be useful for things
like RSA certificate signing and verification and SSL client
authentication. However the lack of SSL functionality would severely
limit its usefulness.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
