Welcome to RTI’s OpenSSL CNG Engine¶
This project implements an engine for leveraging Windows’ Cryptography API: Next Generation (CNG) with the OpenSSL crypto suite, branch 1.1.1.
The OpenSSL CNG Engine source code is hosted on Github as the openssl-cng-engine project. It is brought to you by Real-Time Innovations under the Apache License, Version 2.0. For questions related to using this engine in conjunction with RTI’s Connext DDS Secure product, please contact cng@rti.com.
Finding your way¶
For a high level introduction to this project, check out section About RTI’s OpenSSL CNG Engine, which identifies its functionality and outlines the different components involved.
Detailed build instructions as well as descriptions of the different build system elements are given in section Building the solution. This includes an overview of the platform and toolchain components needed as well as their different versions that the project is being tested with.
Some elementary functional tests, based on the Google Test framework, are part of the project. Details are explained in setion Testing the build.
Using this engine is not different from using any other OpenSSL engine. Still, section Using the engine(s) provides descriptions of specific mechanisms for error handling, debugging and issuing control commands.
Section BCrypt EVP algorithms describes some details for each of the supported EVP algorithms that are good to know when using them. Some of those are specific to BCrypt’s implementation, others are related to OpenSSL, or a combination of the two.
Looking up and using identity certificates and cryptographic keys is provided through OpenSSL’s STORE interface. Details are explained in section NCrypt STORE operations.
For several reasons, the use of this engine comes with a number of caveats. Check out section Known limitations to learn about them.
In order to maintain code and documentation quality, the software development process leverages CI techniques and follows conventions outlined in section Development process.