Hello David,

Thanks for checking this out and your positive feedback. I was not able to find any substantial solution for this either. I do wonder why that is? Possibly, Windows users are not as interested in a cross platform solution like OpenSSL provides and they are fine with using the Windows APIs directly -- that is just speculation though.

Best regards,
Reinier

On Fri, Jul 2, 2021 at 6:56 AM David von Oheimb <d...@ddvo.net> wrote:

> Hello Reinier,
>
> around five years back I was looking for such an implementation as an
> alternative to the rather limited CAPI engine, mostly because the
> C(rypto)API does not support ECC.
> The only thing I found at that time was
> https://mta.openssl.org/pipermail/openssl-dev/2016-June/007362.html and I
> do not know how it evolved since then.
> So I am very pleased to see that meanwhile there is a way of using core
> features of Windows CAPI Next Generation (CNG) from OpenSSL.
>
> Many thanks to RTI for providing this as open-source development under the
> Apache license.
> I currently do not have the time for a closer look or even trying it out,
> but this looks very good and well documented.
> In particular,
> https://openssl-cng-engine.readthedocs.io/en/latest/using/openssl_commands.html
> gives a nice example how to use the Windows cert & key store.
> Porting this to the new OpenSSL crypto provider interface will likely lift
> the limitation regarding RSA-PSS support, which lacks just due to the
> engine interface.
>
> Cheers,
>
> David
>
>
> On 01.07.21 19:49, Reinier Torenbeek wrote:
>
> Hi,
>
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
> may want to check out this new OpenSSL CNG Engine project on GitHub:
> https://github.com/rticommunity/openssl-cng-engine . The associated
> User's Manual is on ReadTheDocs:
> https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
>
> The project implements the majority of the EVP interface, to leverage the
> BCrypt crypto implementations, as well as a subset of the STORE interface,
> for integration with the Windows Certificate and Keystore(s), via the
> NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
> Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.
>
> Any feedback is welcome, please send it to me or open an issue on GitHub.
>
> Best regards,
> Reinier