Network Security with OpenSSL by Pravir Chandra, Matt Messier, John Viega

The EVP Public Key Interface

In Chapters 6 and 7, we discussed OpenSSL's EVP interface, which is a high-level layer of abstraction that can be used with message digests and symmetric ciphers. It probably won't surprise you to learn that the interface can also be used with two of the public key algorithms that we've discussed in this chapter, DSA and RSA. Two sets of functions are provided for digital signatures and data encryption. They work very much like the functions that we've discussed in previous chapters.

The two new sets of EVP functions require the use of an EVP_PKEY object, used to hold the public or private key that is required. An EVP_PKEY object is therefore simply a container that can hold either a DSA or an RSA object. Actually, an EVP_PKEY object can also hold a DH object, but since Diffie-Hellman can be used only for key agreement, the EVP interface cannot actually make use of a DH object. With this in mind, we will limit our discussion to DSA and RSA keys.

An EVP_PKEY object is created by calling the EVP_PKEY_new function, which will return either a new EVP_PKEY object or NULL if an error occurred. Conversely, an EVP_PKEY object is destroyed by calling the EVP_PKEY_free function, passing the EVP_PKEY object to be destroyed as its only argument. When an EVP_PKEY object is first created, it is an empty container. Obviously, this is not very useful.

Two functions, EVP_PKEY_assign_DSA and EVP_PKEY_assign_RSA, are used to populate the EVP_PKEY object with either ...