OpenSSL provider replacement for ENGINE_load_private_key

Dr Paul Dale pauli at openssl.org
Wed Jan 12 22:51:20 UTC 2022


I'm not aware of a PKCS#11 provider being available at this point.


Pauli

On 13/1/22 5:02 am, Graham Leggett via openssl-users wrote:
> On 13 Dec 2021, at 12:15, Tomas Mraz <tomas at openssl.org> wrote:
>
>> One option would be for a provider to provide provider-storemgmt
>> implementation to load a key from its special URI. You'd then use
>> OSSL_STORE from the application to load a private key from that special
>> URI.
>>
>> Another, rather simplistic, approach would be to use the
>> EVP_PKEY_fromdata() function. In that case you'd have to know which
>> key algorithm you are using. You'd then use EVP_PKEY_CTX_new_from_name
>> with query properties to include "provider=your_provider" and the
>> params used with EVP_PKEY_fromdata() would contain just the special id
>> parameter that the provider would use to identify the private key from
>> the device.
> The specific example is for PKCS11.
>
> Is there a PKCS11 provider available to be used?
>
> Regards,
> Graham
>>