Compute HMAC using nCipher ENGINE and HSM-based symmetric key
Jan Just Keijser
janjust at nikhef.nl
Tue Mar 30 21:04:19 UTC 2021
On 30/03/21 20:58, Ron Kundla wrote:
> I have a requirement to generate a HMAC value using a secret/symmetric
> key inside the HSM. I have seen examples that use public/private keys
> to do such a thing, but nothing that would use an AES or a
> nCipher-specific HMAC key.
> Does OpenSSL support this function using the ENGINE subsystem?
OpenSSL supports this, but not many HSMs do; you can take a look at the
/dev/crypto engine for an example; the corresponding bits in the
OpenSSL source code are in .../engine/crypto/eng_devcrypto.c
I have never seen a PKCS#11 device that support symmetric keys though -
but there will be plenty of SSL accelerator cards out there that do (but
I would not call them HSMs).
More information about the openssl-users