Compute HMAC using nCipher ENGINE and HSM-based symmetric key

Jan Just Keijser janjust at
Tue Mar 30 21:04:19 UTC 2021


On 30/03/21 20:58, Ron Kundla wrote:
> Hello!
> I have a requirement to generate a HMAC value using a secret/symmetric
> key inside the HSM. I have seen examples that use public/private keys
> to do such a thing, but nothing that would use an AES or a
> nCipher-specific HMAC key.
> Does OpenSSL support this function using the ENGINE subsystem?
OpenSSL supports this, but not many HSMs do; you can take a look at the 
/dev/crypto engine for an example;  the corresponding bits in the 
OpenSSL source code are in .../engine/crypto/eng_devcrypto.c

I have never seen a PKCS#11 device that support symmetric keys though - 
but there will be plenty of SSL accelerator cards out there that do (but 
I would not call them HSMs).



More information about the openssl-users mailing list