[openssl-users] Loading pkcs11 engine opensc without using command line

Dr. Stephen Henson steve at openssl.org
Fri Jul 17 11:36:36 UTC 2015

On Fri, Jul 17, 2015, Victor Wagner wrote:

> On Fri, 17 Jul 2015 00:10:27 +0000
> "Dr. Stephen Henson" <steve at openssl.org> wrote:
> > On Thu, Jul 16, 2015, Anirudh Raghunath wrote:
> > 
> > > Hello, 
> > > 
> > > I want to write a program in which I can load a certificate from a
> > > smartcard instead of having it in a file on the client machine. In
> > 
> > You may be able to make use of the automatic dynamic engine loading
> > mechanism to simplify things. You can pass the ENGINE DSO path as the
> > ENGINE name or to the function ENGINE_by_id() and it should load it.
> > 
> > I suggest you try it with the command line utility first.
> Does openssl trunk already have API to load certificate from the engine?
> Last time I've looked for this API I've only found
> int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
>         STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
>         STACK_OF(X509) **pother,
>         UI_METHOD *ui_method, void *callback_data);
> which seems to be a bit too specific (where would I get an SSL pointer
> if I want to use this certificate in the mail client to sign a CMS
> message?) and is not supported by opensc PKCS11 engine.

No, OpenSSL currently doesn't have an API to do that, but the OP was asking
about how to use an external API that took an ENGINE pointer.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
