[openssl-users] Simple sample of using engine?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Mon Feb 22 19:13:59 UTC 2016

I’m struggling with the following task. I’m writing a software application
linked with OpenSSL-1.0.2. It receives an encrypted symmetric key (say, with
identifying parameters) that needs to be decrypted using hardware token,
accessible via PKCS#11. I know that engine_pkcs11 (or rather it’s current
incarnation libp11) does that fine when invoked via CLI.

My question is: what’s the smallest simplest code example that you could
share to show an absolutely minimalistic way of performing such decryption?
Let’s assume that everything is already known or determined from those other
parameters – like the token type is already known (RSA), the serial number +
CN + SAN of the certificate used to encrypt, etc.

Thank you, and apologies if this question is less than smart.

P.S. An alternative is to access the token directly via OpenSC (as libp11
does it anyway), but I suspect it would be more complicated code-wise?
Uri Blumenthal

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160222/2c6e73b9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160222/2c6e73b9/attachment.bin>

More information about the openssl-users mailing list