Re: HSM used as OpenSSL engine

2012-04-18 Thread Sunjeet Singh
. Is that doing some magic under the covers? Thank you, Sunjeet On 2012-04-13, at 6:23 PM, Dr. Stephen Henson wrote: On Fri, Apr 13, 2012, Sunjeet Singh wrote: Hi, Stupid question- If I use a HSM to store private key used for SSL connections using the CryptoAPI engine for OpenSSL, is all data

HSM used as OpenSSL engine

2012-04-13 Thread Sunjeet Singh
Hi, Stupid question- If I use a HSM to store private key used for SSL connections using the CryptoAPI engine for OpenSSL, is all data to be encrypted/decrypted going through my HSM? I'm- 1. Registering my HSM as a Cryptographic Service Provider, and 2. Setting my application code to

Re: ENGINE Structural and functional references

2012-04-05 Thread Sunjeet Singh
Ah, I see. Many thanks for the explanation. Sunjeet On 2012-04-05, at 7:36 AM, Jakob Bohm wrote: On 4/5/2012 5:36 AM, Sunjeet Singh wrote: ENGINE_free all of the structural references you got, including the one for the ENGINE you're using And so in order to free all structural

ENGINE Structural and functional references

2012-04-04 Thread Sunjeet Singh
Hi, I'm working on an OpenSSL Engine implementation and I don't entirely get the idea behind Structural and Functional references. So, I'd be very grateful if someone could comment on my approach of handling references. If I have multiple SSL connections using an engine at the same time, IS IT

Re: ENGINE Structural and functional references

2012-04-04 Thread Sunjeet Singh
ENGINE_free all of the structural references you got, including the one for the ENGINE you're using And so in order to free all structural references of an ENGINE * e, I could just do this?- while( e->struct_ref > 0 ) { ENGINE_free( e ); } And to keep all but one functional

Re: OpenSSL - CryptoAPI - nCipher

2012-03-14 Thread Sunjeet Singh
8. Now, I want to load the certificate into the same SSL Context. At first I tried using the simple- ENGINE_load_ssl_client_cert() on the certificate file generated earlier, but that failed. I can understand why- the certificate is encrypted (self-signed).

Re: OpenSSL - CryptoAPI - nCipher

2012-03-14 Thread Sunjeet Singh
Then it is probably DER format. Use d2i_X509_fp instead and make sure you open the fp in binary mode. Steve. Yes, indeed. It worked! Thanks again for your quick reply. Sunjeet

OpenSSL - CryptoAPI - nCipher

2012-03-13 Thread Sunjeet Singh
Hi, In trying to implement integration of my application that uses OpenSSL with nCipher HSM using CryptoAPI, I am stuck with a rather conceptual issue. First let me explain the steps that I was able to do successfully (hopefully I'm doing these right and this will be a helpful summarization

Re: Tutorials on OpenSSL integration with nCipher HSM (nShield) ?

2012-03-12 Thread Sunjeet Singh
If the MS-CAPI Engine can generate keys, you might be able to use it through the nCipher CSP to generate hardware protected Signing and Exchange keypairs for your CAPI container. I just accomplished this by making use of the nCipher CSP and their command line utility keytst to generate a

Re: Tutorials on OpenSSL integration with nCipher HSM (nShield) ?

2012-03-08 Thread Sunjeet Singh
Hi Sander, Thank you for your elaborate response. It has helped me a great deal. A follow-up question- fookey fookey_certreq fookey_selfcert The first one looks a lot like a private key, but it is a dummy key. This is the key file you pass to the OpenSSL library. It looks so much

Re: Tutorials on OpenSSL integration with nCipher HSM (nShield) ?

2012-03-08 Thread Sunjeet Singh
None of the above ;-) If you have the CHIL ENGINE you load a private key using ENGINE_load_private_key() and pass the appropriate ENGINE pointer and the name of the key which will presumably be rsa-test. That will get you an EVP_PKEY pointer which you can pass to

Re: Tutorials on OpenSSL integration with nCipher HSM (nShield) ?

2012-03-07 Thread Sunjeet Singh
Thank you for your response. I don't know if outdated is the word: perhaps there hasn't ever been much. Some old blogs are referencing helpful blogs/tutorials that are now expired. Searching online didn't help either. The CHIL Engine *only* registers for RSA exponentiation, and cannot be

Re: Tutorials on OpenSSL integration with nCipher HSM (nShield) ?

2012-03-07 Thread Sunjeet Singh
Greetings again, I'm back with another question. Any help will be much appreciated- My OpenSSL Application uses the OpenSSL C function call- SSL_CTX_use_certificate_chain_file( sslCtx, keyFile ); where keyFile is the path to a .PEM file containing the private key and certificate. But

Tutorials on OpenSSL integration with nCipher HSM (nShield) ?

2012-03-06 Thread Sunjeet Singh
Hi, Most of the references on this forum on how to use nCipher HSM with OpenSSL using the CHIL API (or CAPI) are outdated. I was wondering if anyone had any pointers to helpful resources in this regard. I've been reading up about it here and there and I'm aware of the commands to use for