Hello Selva and Matt,
Thanks for the pointers. Following the suggested approach, I have added (in
a branch of a fork) initial support of RSA-PSS for the BCrypt engine and
the few first tests look promising. Next, I will do the same thing for
NCrypt. After that I will probably add support for OAEP
Hi
>
>>
>> This is great, but limiting RSA signature to RSA-PKCS#1 v 1.5 is a major
>> limitation. It doesn't have to be that way as the OpenSSL engine interface
>> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.
>>
>
> Yes I agree the lack of support for RSA-PSS is signif
On 02/07/2021 16:33, Matt Caswell wrote:
via the RSA_PKEY_METHOD
I meant RSA EVP_PKEY_METHOD.
Matt
On 02/07/2021 16:18, Reinier Torenbeek wrote:
It is not clear to me what you mean with "the OpenSSL engine interface
does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec
etc.". Can you elaborate (here or on the GitHub issue)?
You can hook the RSA calls at different abstraction
Hi Selva,
On Fri, Jul 2, 2021 at 10:49 AM Selva Nair wrote:
> Hi,
>
> On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek <
> reinier.torenb...@gmail.com> wrote:
>
>> Hi,
>>
>> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
>> may want to check out this new OpenSSL CNG Engi
Hi Richard,
Glad you like it. The cert: scheme is a little inconvenient and I do not
know how extensively it is used in practice. But it seemed appropriate to
leverage it since it was around already and seemed to fit the bill.
Microsoft's documentation is not too extensive, but for anybody intere
Hi,
On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek <
reinier.torenb...@gmail.com> wrote:
> Hi,
>
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
> may want to check out this new OpenSSL CNG Engine project on GitHub:
> https://github.com/rticommunity/openssl-cng-engine
Hello David,
Thanks for checking this out and your positive feedback. I was not able to
find any substantial solution for this either. I do wonder why that is?
Possibly, Windows users are not as interested in a cross platform solution
like OpenSSL provides and they are fine with using the Windows
Thanks Matt.
>From your response, it seems that this would be a good moment to start
looking into the provider interface. I will check it out (and may get back
with questions after that...)
Reinier
On Fri, Jul 2, 2021 at 4:21 AM Matt Caswell wrote:
>
>
> On 02/07/2021 04:25, Reinier Torenbeek wr
This is cool!
I had some kind of skeleton of a start to make something similar, but
time was never on my side. I'm really glad to see this got picked up!
This also answered a question I never got the answer for, what scheme
to use for the STORE. I know next to nothing about PowerShell, so
hadn'
Hello Reinier,
around five years back I was looking for such an implementation as an
alternative to the rather limited CAPI engine, mostly because the
C(rypto )API does not support ECC.
The only thing I found at that time was
https://mta.openssl.org/pipermail/openssl-dev/2016-June/007362.html and
On 02/07/2021 04:25, Reinier Torenbeek wrote:
Hi Matt,
I am aware of the deprecation of the engine interface with 3.0 but have not
looked into the details of support providers yet. I expect converting an
engine to a support provider could be done with quite a bit of code reuse,
correct? W
Hi Matt,
I am aware of the deprecation of the engine interface with 3.0 but have not
looked into the details of support providers yet. I expect converting an
engine to a support provider could be done with quite a bit of code reuse,
correct? Would you say the interface and design of support pr
Nice! Are there any thoughts to support providers? The engine interface
is deprecated in 3.0.
Matt
On 01/07/2021 18:49, Reinier Torenbeek wrote:
Hi,
For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
may want to check out this new OpenSSL CNG Engine project on GitHub:
Hi,
For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you may
want to check out this new OpenSSL CNG Engine project on GitHub:
https://github.com/rticommunity/openssl-cng-engine . The associated User's
Manual is on ReadTheDocs:
https://openssl-cng-engine.readthedocs.io/en/latest/
15 matches
Mail list logo
