[openssl-users] General approach for keeping a client cert from openssl
Michael Wojcik
Michael.Wojcik at microfocus.com
Tue Dec 20 12:29:00 UTC 2016
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Andy Green
> Sent: Monday, December 19, 2016 19:03
>
> On Mon, 2016-12-19 at 10:21 -0800, Kyle Hamilton wrote:
>
> > There exists what is called an ENGINE interface to offload
> > cryptographic operations to a container. Right now,
> > https://wiki.openssl.org/index.php/Creating_an_OpenSSL_Engine_to_use_indigenous_ECDH_ECDSA_and_HASH_Algorithms
> > seems to be the best
> > documentation available to explain the process of creating it.
>
> Thanks, I will start with that and try to understand it better.
Note that there's already an ENGINE implementation for PKCS#11, so if your hardware supports that you may be able to simply use that code. If not, then 1) why doesn't it (providing the standard API is generally a good idea), but 2) it may be a useful model.
Michael Wojcik
Distinguished Engineer, Micro Focus