On 08/03/2021 02:37, Benjamin Kaduk wrote:
Hi Stephen :)

The API you'll want to use is EVP_PKEY_fromdata(); there's
a stubbed out example of using it to make an EVP_PKEY with
EC group parameters at
but the translation to also specify OSSL_PKEY_PARAM_PRIV_KEY
(and possibly OSSL_PKEY_PARAM_PUB_KEY; I forget if you need
to pass both) should be fairly straightforward.

Thanks for that! I worked around a few things and still need
to tidy-up but got things working that way without any more
deprecation warnings.

Let us know if you run into trouble with that route.

One outstanding issue is that I still need different code
paths for NIST curves vs. 25519 & 448 - is that just me
(quite likely:-) or should these new APIs hide differences
between those different curves?

Thanks again,


On Mon, Mar 08, 2021 at 02:23:36AM +0000, Stephen Farrell wrote:


My question: how does one setup an EVP_PKEY for a NIST
curve (e.g. p256) key pair when one has the private key
in an octet string using the latest OpenSSL 3.0.0 high
level APIs?

I'm trying to get rid of deprecation warnings from my
code for HPKE [1] when dealing with NIST curves using
the new (I guess?) OSSL_PARAM_* approach. I'm failing
at the moment;-)

So, given an octet string from a set of test vectors
(e.g. [2]) what's the proper way to setup an EVP_PKEY
for that to allow one to validate the test vectors?

Happy to try produce a stand-alone example for this
in the next few days if one doesn't exist (I've not
found one so far).


[2] https://github.com/cfrg/draft-irtf-cfrg-hpke

pub   RSA 4096/7B172BEA 2017-12-22 Stephen Farrell (2017) 
sub   RSA 4096/36CB8BB6 2017-12-22

Attachment: OpenPGP_0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to