[openssl-dev] Using keys from a hardware accelerator
Alexander Gostrer
agostrer at gmail.com
Mon Jul 20 16:51:20 UTC 2015
Hi Jan,
It definitely helps. I am already looking into this standard.
Thank you,
Alex.
On Mon, Jul 20, 2015 at 8:21 AM, Jan Just Keijser <janjust at nikhef.nl> wrote:
> Hi Alexander,
>
>
> Alexander Gostrer wrote:
>
>> Hi All,
>>
>> I am working on an OpenSSL modification for a hardware accelerator who
>> generates and uses private keys internally without a way to export/import
>> them. The standard OpenSSL approach is to use keys from files. Is there any
>> preferred way to point to keys in the hardware? There is more and more
>> hardware on the market that people want to use directly from the OpenSSL.
>>
>> There is a standard for this, PKCS#11, that is fairly well supported by
> OpenSSL. Numerous hardware tokens and smartcards exist that can interact
> with OpenSSL (via engine_pkcs11). I have personal experience with various
> usb hardware tokens from Feitian and Aladdin/SafeNet. The main feature of
> such tokens is that indeed the private key cannot be exported from the
> device.
>
>
> hope this helps,
>
> JJK / Jan Just Keijser
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150720/1de9b3ec/attachment.html>
More information about the openssl-dev
mailing list