Lipovlan / cng-openssl-provider

OpenSSL provider using Windows Cryptography API: Next Generation
MIT License

Allow usage of ECC keys #6

Open Lipovlan opened 1 year ago

Lipovlan commented 1 year ago

Right now we can only export RSA keys. cng_keymgmt_export() should be able to differentiate between the keys and export into the appropriate OSSL_PARAM data types (OSSL_PKEY_PARAM_EC_P, OSSL_PKEY_PARAM_EC_GENERATOR, OSSL_PKEY_PARAM_EC_PUB_X and OSSL_PKEY_PARAM_EC_PUB_Y).

Good sources: CNG documentation for DSA and OpenSSL documentation for EC keymgmt.

levitte commented 1 year ago

Er.... supporting another key type involves a little more than a mere hack of the keymgmt export function. Sure, you can most probably have fairly common functions for all key types you support, but some will have to be different. This means another OSSL_DISPATCH instance, and another line in the keymgmt OSSL_ALGORITHM array.

(actually, there's more, such as detecting and correctly declaring the ECC key in the store function load_another_private_key(), and if you want to be able to use it, signature support)