On Mon, 25 May 2020 13:20:28 +0200, Emmanuel Deloget wrote: > In my development I'm using a idiom that's not as widely used as I > thought (as I get it after multiple days of searching out there). In > order to securely distribute a binary, I encrypt it using an AES key > and the AES key itself is encrypted using a /private/ RSA key I own.
That's a perfectly viable thing to do, and is usually called "signing", and what you're signing here is the AES key. > Only owners of the /public/ key (which, as it is a publilc key, may > leak) can decrypt the AES key, and therefore the binary. Which is usually called "verifying the signature". This looks like object signing to me. > Of course, in order to do this I rely on RSA_private_encrypt() and > RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt() > cannot be used(*). EVP_PKEY_encrypt() and EVP_PKEY_decrypt() are the wrong functions to use. However, there are EVP_PKEY_sign() and EVP_PKEY_verify_recover() (if I read you correctly, that's the function you need, rather than a mere EVP_PKEY_verify()). > So, after that long introduction, here is my question : is there any > OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private > key and decrypt using a public key? Yes, see above. Those functions have been around for a while, I think you can start playing with them in any current OpenSSL version. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/
