From: Alexander G. <ago...@gm...> - 2015-10-06 17:37:39

Hi Doug,

David suggested that I contact you. We are writing an openssl ECDH engine. All private keys are in the hardware (including ephemeral keys). I found that the DH_METHOD has both (*generate_key) and (*compute_key) methods while the ECDH_METHOD has just the (*compute_key) method. We would like (once the engine is completed) to use standard SSL_accept() etc. calls. But compute_key() returns a shared secret based on a previously generated public/private key pair, and the public key is already sent to a peer. Is there a hook to replace the public key before it is sent out? Any ideas/plans about adding this hook into the code?

Thank you,
Alex Gostrer.

> On Tue, Oct 6, 2015 at 7:54 AM, David Woodhouse <dw...@in...> wrote:
>
>> On Tue, 2015-10-06 at 07:52 -0700, Alexander Gostrer wrote:
>> > Yeah, with ECDSA we have no problems. We thought about submitting a
>> > patch but the code is pretty complicated and we weren't sure that we
>> > completely understand it. Also we wanted to stick with the stable
>> > version.
>>
>> You need to fix it in HEAD first. Then we can talk about backporting to
>> older versions.
>>
>> > Do you have Doug's email? Don't want to spam other people.
>>
>> Probably best to use the opensc mailing list.
>> ope...@li...
>>
>> --
>> dwmw2
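The problem Alex describes is an ordering one: if the TLS stack generates the ephemeral EC key in software and only `compute_key` runs in the token, the public point on the wire belongs to a different private scalar than the one the hardware multiplies with, so the two sides derive different secrets. The following toy, added here and not part of the thread or of OpenSSL, models that with a tiny textbook curve (y^2 = x^3 + 2x + 2 over F_17, generator of order 19) and a made-up `HardwareKeyStore` class standing in for a token that never releases private scalars. The curve, the class, the handle names and the fixed scalars in the failing scenario are all constructed for illustration; the real fix is a key-generation hook alongside `compute_key`, which is what the mail asks for.

```python
"""Toy ECDH showing why a hardware engine needs both generate_key and compute_key.

Constructed example: the small curve, the HardwareKeyStore class and the scalar
values are illustrative only and are not OpenSSL's API.
"""
import secrets

# Textbook curve y^2 = x^3 + A*x + B over F_P; G has prime order 19.
P, A, B = 17, 2, 2
G = (5, 1)
ORDER = 19


def _inv(x):
    """Modular inverse via Fermat (P is prime)."""
    return pow(x, P - 2, P)


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # P + (-P) = O, also covers doubling a point with y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P
    else:
        lam = (y2 - y1) * _inv((x2 - x1) % P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


class HardwareKeyStore:
    """Stand-in for a token: private scalars are created and used inside it only."""

    def __init__(self):
        self._keys = {}

    def generate_key(self, handle, scalar=None):
        # The generate_key hook: the device makes the scalar and returns only the public point.
        d = scalar if scalar is not None else secrets.randbelow(ORDER - 1) + 1
        self._keys[handle] = d
        return scalar_mult(d, G)

    def compute_key(self, handle, peer_pub):
        # The compute_key hook: the device multiplies its own scalar with the peer's point.
        shared = scalar_mult(self._keys[handle], peer_pub)
        return shared[0]  # x-coordinate as the raw shared secret


def ecdh_with_both_hooks():
    """Both sides generate and compute in hardware: the public point sent matches the scalar used."""
    hw_a, hw_b = HardwareKeyStore(), HardwareKeyStore()
    pub_a = hw_a.generate_key("eph")
    pub_b = hw_b.generate_key("eph")
    return hw_a.compute_key("eph", pub_b) == hw_b.compute_key("eph", pub_a)


def ecdh_with_compute_only():
    """Models the gap from the mail: the stack sends a software-generated public point,
    but compute_key runs in hardware with an unrelated private scalar (fixed 7 vs 11 here)."""
    hw_a, hw_b = HardwareKeyStore(), HardwareKeyStore()
    hw_a.generate_key("eph", scalar=7)          # scalar the hardware will actually use
    pub_a_sent = scalar_mult(11, G)             # software ephemeral key that goes on the wire
    pub_b = hw_b.generate_key("eph")
    secret_a = hw_a.compute_key("eph", pub_b)   # 7 * b * G
    secret_b = hw_b.compute_key("eph", pub_a_sent)  # b * 11 * G
    return secret_a == secret_b                 # False: the handshake would fail to agree


if __name__ == "__main__":
    print("both hooks in hardware agree:", ecdh_with_both_hooks())
    print("compute_key only agrees:", ecdh_with_compute_only())
```

The second scenario is deterministic: 7*b and 11*b can only coincide modulo 19 when b is 0, which `generate_key` never picks, so the secrets always differ. Run stand-alone it prints `True` then `False`.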