[openssl-dev] Using keys from a hardware accelerator

Alexander Gostrer agostrer at gmail.com
Tue Jul 21 14:39:08 UTC 2015


Thank you, David.
It wasn't obvious :) Let me look into it.
Regards,
Alex.


On Tue, Jul 21, 2015 at 7:32 AM, David Woodhouse <dwmw2 at infradead.org>
wrote:

> On Tue, 2015-07-21 at 06:55 -0700, Alexander Gostrer wrote:
> >
> > I didn't find any reference to pkcs11 or engine_pkcs11 or cryptoki in
> > the code. The closest thing I see on the master branch are
> > openssl/engines/vendor_defns/hwcryptohook.h, sureware.h, and so on.
> > Is there a special branch for pkcs11? Or do I just need to use
> > hwcryptohook.h/sureware.h as a reference code and make my own
> > implementation?
>
> Unfortunately, PKCS#11 support isn't a part of OpenSSL directly
> (although it would be really good to fix that).
>
> The PKCS#11 engine is at https://github.com/OpenSC/engine_pkcs11
>
> A new release is imminent, which allows you to specify certificates and
> keys by a PKCS#11 URI (RFC7512) instead of the old format.
>
> On systems where p11-kit exists, it also automatically loads the
> appropriate PKCS#11 modules according to the system configuration. So
> using it really is as simple as providing the correct PKCS#11 URI for
> the cert/key you want.
>
> --
> David Woodhouse                            Open Source Technology Centre
> David.Woodhouse at intel.com                              Intel Corporation
>
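
An added example, not part of the original thread and not code from OpenSSL or engine_pkcs11: a small Python parser for the RFC 7512 PKCS#11 URI format mentioned above, which checks a URI before it is passed to an engine and flags a PIN embedded in it. The sample URI (token name, object name, id and PIN) is constructed, and the `pin-value` warning is this example's own policy check.

```python
from urllib.parse import unquote_to_bytes

# Attribute names defined by RFC 7512 for the path and query components.
PATH_ATTRS = {"token", "manufacturer", "serial", "model", "library-manufacturer",
              "library-description", "library-version", "object", "type", "id",
              "slot-description", "slot-manufacturer", "slot-id"}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
OBJECT_TYPES = {b"public", b"private", b"cert", b"secret-key", b"data"}


def _split(component, sep, standard):
    """Split name=value pairs and percent-decode the values to bytes."""
    attrs = {}
    for pair in filter(None, component.split(sep)):
        name, eq, value = pair.partition("=")
        if not eq or not name:
            raise ValueError(f"malformed attribute: {pair!r}")
        if name in attrs and name in standard:
            raise ValueError(f"duplicate attribute: {name}")
        attrs[name] = unquote_to_bytes(value)  # 'id' may hold raw binary
    return attrs


def parse_pkcs11_uri(uri):
    """Return (path_attrs, query_attrs, warnings) for a pkcs11: URI."""
    scheme, colon, rest = uri.partition(":")
    if not colon or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    path_attrs = _split(path, ";", PATH_ATTRS)
    query_attrs = _split(query, "&", QUERY_ATTRS)
    if "type" in path_attrs and path_attrs["type"] not in OBJECT_TYPES:
        raise ValueError(f"unknown object type: {path_attrs['type']!r}")
    extra = (set(path_attrs) - PATH_ATTRS) | (set(query_attrs) - QUERY_ATTRS)
    warnings = [f"non-standard attribute: {n}" for n in sorted(extra)]
    if "pin-value" in query_attrs:
        # A PIN inside the URI ends up wherever the URI is stored or logged.
        warnings.append("PIN embedded in URI; prefer pin-source")
    return path_attrs, query_attrs, warnings


# Constructed sample URI (token, object name, id and PIN are made up).
SAMPLE = ("pkcs11:token=Example%20Token;object=server-key;type=private;"
          "id=%01%02?pin-value=1234")

if __name__ == "__main__":
    print(parse_pkcs11_uri(SAMPLE))
```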