Add pkcs11 command

Antonio Iacono antiac at gmail.com
Wed Mar 6 13:34:32 UTC 2019


I can write the function inside pkcs11 engine but then how do I "hook"
it to storeutl?

The first obstacle is here "No URI given, nothing to do" but with
pkcs11 I have no URI or File.

Thanks

On Wed, Mar 6, 2019 at 10:35 AM Richard Levitte <levitte at openssl.org> wrote:
>
> There is a more generic command to do exactly this sort of thing,
> 'openssl storeutil', available since OpenSSL 1.1.1.
>
> The pkcs11 backend / engine needs to implement the functionality
> required to hook with the OSSL_STORE functionality for storeutil to be
> useful.
>
> Cheers,
> Richard
>
> On Wed, 06 Mar 2019 09:47:01 +0100,
> Antonio Iacono wrote:
> >
> > There are some good tools for pkcs11, like pkcs11-tool of the OpenSC
> > project, but often one only needs the list of key ids to perform signature
> > operations with the engine.
> >
> > I would propose a new pkcs11 command which, for now, only makes the
> > list of ids and labels of keys present in a token.
> >
> > I have already prepared a draft in this branch
> > https://github.com/opensignature/openssl/tree/add-pkcs11-command/apps
> >
> > Thanks,
> > Antonio
> >
> --
> Richard Levitte         levitte at openssl.org
> OpenSSL Project         http://www.openssl.org/~levitte/

