Correction, I accidentally omitted a couple of the external ECDSA signature parameters, which specify the signature output. Here is the correct declaration for it.
int external_ecdsa_sign(const uint8_t *data, const int datalen, uint8_t *sig, int *siglen); /* sign data */

Does anyone have any ideas on how to implement this as an ECDSA method for an OpenSSL engine?

On 8 November 2014 16:14, Lisa Matias (マティアス リサ) <lisa.mat...@gmail.com> wrote:

> Is there any example code on how to set up an OpenSSL engine to work with a
> custom external ECDSA system?
>
> Specifically, I have a custom "C" library which implements the following:
>
> int external_ecdsa_initialize(); /* open connection to external system */
> int external_ecdsa_sign(const uint8_t *data, const int datalen); /* sign data */
> void external_ecdsa_finalize(); /* close connection */
>
> This library handles all of the communication with the external system
> containing the ECC private key, and provides an API to generate the ECDSA
> signatures. (This way, if my server is ever hacked, the attacker won't get
> a copy of the external ECC private key.)
>
> My goal is to turn this into a proper ECDSA method for an OpenSSL engine, and
> allow it to be used as an EVP_PKEY object, but I cannot find a way to do
> this.