"David C. Partridge" <[EMAIL PROTECTED]> wrote:
IIRC the Luna CA3 is FIPS140-2 LEVEL 3 which means it won't allow you under
nay circumstances to extract the private key from the device
(non-extractable, sensitive in PKCS#11 parlance).
What this means is that you need to send the data to the device to be signed
(don't know how to do this using openssl), rather than extracting the key
and using openssl to do the crypto in software.
My intention was not to extract the key but to tell OpenSSL to use a particular key, thus I need a way to generate a reference to the key.
I just taken as an example the code from openssl, but there is something I am doing wrong somewhere...
All I want to do is to enable ENGINE so all crypto operations are performed on the LunaSA (and probably I am missing something important here :-( ) and to use the Key
sored on the device, not a software one.
Does anybody have experiences (also with other hardware) that may be of some help ???
Thank you, byz.
--- Massimiliano Pala ([EMAIL PROTECTED])
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
