2025-10-07 –, Prague/ Technical Deep Dive & Innovation
Before OpenSSL 3.5 we implied that symmetric keys are always represented as an array of bytes. Unfortunately, that's not enough for non-extractable symmetric keys.
Since 3.5 we are closing this deficiency.
The presentation describes the newly-introduced EVP_SKEY objects and corresponding API and infrastructure.
TL,DR: Stockholm syndrome with OpenSSL.
I have been working with OpenSSL code since late 2004. Working on implementing national cryptography for OpenSSL, I got familiar with many parts of the library.
Since 2020 I apply my knowledge of OpenSSL for Red Hat, currently I'm most busy with post-quantum transition of Red Hat and OpenSSL