[openssl-users] Storing private key on tokens
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Wed Sep 27 12:41:34 UTC 2017
AFAIK, at this point pkcs11 engine doesn't support key generation.
The only viable options AFAIK are OpenSC (pkcs11-tool) and vendor-specific applications like yubico-piv-tool.
Regards,
Uri
Sent from my iPhone
> On Sep 27, 2017, at 08:23, Dmitry Belyavsky <beldmit at gmail.com> wrote:
>
> Hello,
>
> What is the most natural way to generate private keys using openssl but store them on a specific hardware tokens? Reading/writing is implemented via engine mechanism.
>
> I suppose that it should be added support of -outform ENGINE to the genpkey command, but do not understatnd how to deal with it after that.
>
> Thank you!
>
> --
> SY, Dmitry Belyavsky
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170927/7e8a4c1d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5801 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170927/7e8a4c1d/attachment.bin>
More information about the openssl-users
mailing list