[openssl-dev] Using keys from a hardware accelerator
Jan Just Keijser
janjust at nikhef.nl
Mon Jul 20 15:21:30 UTC 2015
Hi Alexander,
Alexander Gostrer wrote:
> Hi All,
>
> I am working on an OpenSSL modification for a hardware accelerator that
> generates and uses private keys internally without a way to
> export/import them. The standard OpenSSL approach is to use keys from
> files. Is there any preferred way to point to keys in the hardware?
> There is more and more hardware on the market that people want to use
> directly from OpenSSL.
>
There is a standard for this, PKCS#11, that is fairly well supported by
OpenSSL. Numerous hardware tokens and smartcards exist that can interact
with OpenSSL (via engine_pkcs11). I have personal experience with
various USB hardware tokens from Feitian and Aladdin/SafeNet. The main
feature of such tokens is that indeed the private key cannot be exported
from the device.
Hope this helps,
JJK / Jan Just Keijser