What is the ENGINE in OpenSSL and what is it used for?

I can't find a good explanation of what the ENGINE in OpenSSL is. It is used in functions such as EVP_PKEY_CTX_new.

I call EVP_PKEY_CTX_new before encrypting/decrypting with EVP_PKEY_encrypt/EVP_PKEY_decrypt, but do I really need to specify the ENGINE parameter when calling EVP_PKEY_CTX_new? Everywhere inside OpenSSL I see the parameter passed as NULL.

So my questions are: what is the ENGINE in OpenSSL, what is it used for, and what difference does it make if I don't specify it?

An engine is a hardware or software implementation used to perform cryptographic operations. The default engine ID is openssl, and it uses OpenSSL's built-in functions.

Suppose we have a hardware device that can perform AES extremely fast. Now, when we encrypt with AES, we can set the engine to that hardware device (instead of NULL), which means the operation is now computed by the hardware device rather than by the default OpenSSL software layer.

This is explained in section 4.6 of the book Network Security with OpenSSL.

OpenSSL has built-in support for cryptographic acceleration. Using the ENGINE object type, an application can get a reference to a changeable, underlying representation, most often a hardware device. (...)

The general idea is simple: we retrieve an object representing the type of hardware we wish to utilize, then we tell OpenSSL to use the device we chose.

Example 4-17 shows a small code example of how we would perform this operation.

#include <stdio.h>
#include <openssl/engine.h>

ENGINE *e;
/* Look up the engine by its string id; NULL means it is not available. */
if (!(e = ENGINE_by_id("cswift")))
    fprintf(stderr, "Error finding specified ENGINE\n");
/* Make it the default implementation for every method it supports. */
else if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
    fprintf(stderr, "Error using ENGINE\n");
else
    fprintf(stderr, "Engine successfully enabled\n");

The function call ENGINE_by_id will look up an implementation from the built-in methods available and return an ENGINE object. The single argument to this function should be the string identifier of the underlying implementation we wish to use. (...)

The ENGINE object that we receive from the lookup should be used in the call to ENGINE_set_default to allow cryptographic functions to utilize the capabilities of the specific ENGINE. The second parameter allows us to specify constraints on what we allow the engine to implement. (...)

Note: cswift is the engine used for CryptoSwift acceleration hardware.