[openssl-users] Storing private key on tokens

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Wed Sep 27 12:41:34 UTC 2017

AFAIK, at this point pkcs11 engine doesn't support key generation. 

The only viable options AFAIK are OpenSC (pkcs11-tool) and vendor-specific applications like yubico-piv-tool.


Sent from my iPhone

> On Sep 27, 2017, at 08:23, Dmitry Belyavsky <beldmit at gmail.com> wrote:
> Hello,
> What is the most natural way to generate private keys using openssl but store them on a specific hardware tokens? Reading/writing is implemented via engine mechanism.
> I suppose that it should be added support of -outform ENGINE to the genpkey command, but do not understatnd how to deal with it after that. 
> Thank you!
> -- 
> SY, Dmitry Belyavsky
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170927/7e8a4c1d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5801 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170927/7e8a4c1d/attachment.bin>

More information about the openssl-users mailing list