[openssl-dev] [RFC v2 2/2] pem: load engine keys

Richard Levitte levitte at openssl.org
Sun Dec 11 16:48:38 UTC 2016



Roumen Petrov <openssl at roumenpetrov.info> wrote: (11 December 2016 17:31:10 CET)
>Hi Richard,
>
>Richard Levitte wrote:
>> In message <20161206.223057.237264374331072901.levitte at openssl.org>
>on Tue, 06 Dec 2016 22:30:57 +0100 (CET), Richard
>Levitte <levitte at openssl.org> said:
>>
>> levitte> [SNIP]
>>
>> The easiest was actually to rewrite PEM_read_bio_PrivateKey()
>> entirely, so it solely uses the internal store_file functions I've
>> provided.
>> I wonder what kind of impact this would have on the community at
>> large.
>
>PEM_read_bio_PrivateKey uses a custom password callback. You propose a
>"Store-API" with UI_METHOD as the password callback.
>A rewrite of the pem_read... method obsoletes pem_password_cb.
>
>What about ensuring a transition period?
>For instance, in openssl 1.1 provide new functions based on UI_METHOD
>and mark the existing ones as deprecated.
>
>
>One remark on the store load function API: in most cases (loading from a
>file) it is a password callback, but in other cases it could be a PIN or
>something different.
>Please use a more generic description.
>For instance, the engine callback is defined in a generic way: ui_method
>and its callback_data.

Earlier, I mentioned an experimental branch, https://github.com/levitte/openssl/tree/tpm_engine-support?files=1

If you have a look, you'll find an added UI utility function to wrap a pem password callback in a UI_METHOD.

>> Cheers,
>> Richard
>
>Regards,
>Roumen

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
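The wrapper Richard refers to bridges two callback shapes: the legacy pem_password_cb, which is handed a buffer, its size, rwflag and an opaque userdata pointer and returns how many bytes it wrote, and a UI_METHOD "reader" hook, which is driven by prompts whose result buffers and bounds belong to the UI layer. The following is an added, self-contained C example written for this page; it is not code from the thread, from Richard's branch or from OpenSSL. The pem_password_cb typedef is OpenSSL's signature from <openssl/pem.h>; the ui_prompt, ui_method, wrap_pem_callback and ui_process names are simplified stand-ins for OpenSSL's UI_STRING, UI_METHOD, UI_UTIL wrapper and UI_process, and the two sample callbacks are constructed for the demonstration. The point it shows is the one a reviewer would want checked in such a wrapper: the legacy callback's return value is a length it reports itself, so the adaptor must clamp it against the UI-side bounds before copying, and reject failures and answers below the prompt's minimum length.

```c
/*
 * Added example (not from the thread, Richard's branch or OpenSSL): a
 * self-contained model of adapting a legacy pem_password_cb to a
 * UI_METHOD-style reader hook.  Only the pem_password_cb signature is
 * OpenSSL's; ui_prompt/ui_method/ui_process are simplified stand-ins.
 */
#include <stdio.h>
#include <string.h>

/* Signature from OpenSSL's <openssl/pem.h>: write up to 'size' bytes into
 * buf, return the number written or a negative value on failure.
 * rwflag is 0 when reading (decrypting) and 1 when writing (encrypting). */
typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);

#define MODEL_PEM_BUFSIZE 1024   /* same value as OpenSSL's PEM_BUFSIZE */

/* Stand-in for a UI_STRING: the UI layer owns the result buffer and states
 * its bounds, so a reader can never be the one deciding how much to write. */
struct ui_prompt {
    const char *text;   /* e.g. "Enter PEM pass phrase:" or "Enter PIN:" */
    char *result;       /* caller-owned buffer of maxsize + 1 bytes */
    int minsize;        /* shortest acceptable answer */
    int maxsize;        /* longest acceptable answer (excluding NUL) */
};

/* Stand-in for a UI_METHOD that carries the wrapped legacy callback. */
struct ui_method {
    int (*reader)(struct ui_method *m, struct ui_prompt *p, void *user_data);
    pem_password_cb *cb;
    int rwflag;
};

/* Reader hook: turn one UI prompt into one legacy callback invocation. */
static int wrapped_pem_reader(struct ui_method *m, struct ui_prompt *p,
                              void *user_data)
{
    char tmp[MODEL_PEM_BUFSIZE + 1];
    int maxsize = p->maxsize;
    int len;

    if (maxsize > MODEL_PEM_BUFSIZE)
        maxsize = MODEL_PEM_BUFSIZE;

    /* The legacy callback never sees p->text; it only gets buffer, size,
     * rwflag and the opaque userdata, exactly as PEM_read_bio_* passes it. */
    len = m->cb(tmp, maxsize, m->rwflag, user_data);

    /* Do not trust the callback's self-reported length: reject failure,
     * an over-long answer, and an answer shorter than the prompt allows. */
    if (len < 0 || len > maxsize || len < p->minsize)
        return -1;
    tmp[len] = '\0';
    memcpy(p->result, tmp, (size_t)len + 1);
    return 1;
}

/* Model of a UI_UTIL-style wrapper: build a method around a legacy cb. */
static struct ui_method wrap_pem_callback(pem_password_cb *cb, int rwflag)
{
    struct ui_method m;
    m.reader = wrapped_pem_reader;
    m.cb = cb;
    m.rwflag = rwflag;
    return m;
}

/* Model of UI_process(): run every prompt through the method's reader. */
static int ui_process(struct ui_method *m, struct ui_prompt *prompts, int n,
                      void *user_data)
{
    for (int i = 0; i < n; i++)
        if (m->reader(m, &prompts[i], user_data) <= 0)
            return -1;
    return 0;
}

/* Constructed sample: a well-behaved callback copying a secret from userdata. */
int fixed_secret_cb(char *buf, int size, int rwflag, void *userdata)
{
    const char *secret = userdata;
    int len = (int)strlen(secret);
    (void)rwflag;
    if (len > size)
        return -1;
    memcpy(buf, secret, (size_t)len);
    return len;
}

/* Constructed sample: a callback that fills its buffer and then overstates
 * the length; the wrapper must refuse it instead of copying past the end. */
int lying_cb(char *buf, int size, int rwflag, void *userdata)
{
    (void)rwflag; (void)userdata;
    memset(buf, 'A', (size_t)size);
    return size + 1;
}

/* Drive a PIN-style prompt (minimum 4 characters) through the wrapper.
 * Returns the accepted answer, or NULL if the wrapper rejected it. */
const char *demo_wrap(pem_password_cb *cb, const char *secret)
{
    static char out[64];
    struct ui_method m = wrap_pem_callback(cb, 0 /* reading */);
    struct ui_prompt p = { "Enter PIN:", out, 4, (int)sizeof out - 1 };
    return ui_process(&m, &p, 1, (void *)secret) == 0 ? out : NULL;
}

int main(void)
{
    const char *r;
    r = demo_wrap(fixed_secret_cb, "hunter2");
    printf("fixed_secret_cb: %s\n", r ? r : "rejected");
    r = demo_wrap(fixed_secret_cb, "abc");
    printf("too-short answer: %s\n", r ? r : "rejected");
    r = demo_wrap(lying_cb, "");
    printf("lying_cb: %s\n", r ? r : "rejected");
    return 0;
}
```

The prompt text is the generic part Roumen asks for: whether the UI layer says "pass phrase" or "PIN" is decided by whoever builds the prompt, and the wrapped legacy callback is unaffected because it never sees it.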