OpenSSL Blog

OpenSSL Adds Support for Raw Public Key (RFC7250)


Raw Public Keys have emerged as a component for securing communications between clients and servers. Raw Public Keys, as defined in RFC 7250, play a role in ensuring the confidentiality, integrity, and authenticity of data exchanged over the web. As a result OpenSSL will be adding support for Raw Public Keys in the upcoming OpenSSL 3.2.

Raw Public Keys are a cryptographic mechanism used in public key infrastructure (PKI) systems. They are a way of representing a public key without the associated digital certificate, which contains additional information like the owner’s identity, expiration date, and digital signatures from a certificate authority. This makes Raw Public Keys more lightweight and efficient, especially in resource-constrained environments.

RFC 7250, published by the Internet Engineering Task Force (IETF), defines the use of Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols. The primary goal of this RFC is to facilitate secure communication by enabling the use of Raw Public Keys as an alternative to traditional X.509 certificates.

RFC 7250 and Raw Public Keys are a significant step forward in the field of internet security, particularly in resource-constrained and latency-sensitive environments. While they offer a more efficient and streamlined approach to secure communications, they also come with their own set of challenges. As the adoption of Raw Public Keys continues to grow, it’s essential for developers, network administrators, and security experts to understand and implement them effectively, keeping in mind the security and privacy implications. This evolution in cryptography and security protocols marks another milestone in making the internet a safer place for all.

If you have any questions please feel free to contact us at