Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-08 Thread LN
). From: Jeffrey Walton noloa...@gmail.com To: openssl-users@openssl.org Sent: Friday, December 7, 2012 4:52 PM Subject: Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine On Fri, Dec 7, 2012 at 5:05 AM, LN lnicu...@yahoo.com wrote: ... MS CAPI has an option to mark

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-08 Thread Indtiny s
On Wednesday, December 5, 2012, Ashok C ash@gmail.com wrote: Hi, Our current SSL server loads plain-text private keys using the SSL_CTX_use_PrivateKey_file() method. We are moving from this strategy to use custom encrypted private keys using the TPM concept. For this, we have an engine

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-07 Thread LN
(through boost::asio::ssl) :) From: Jakob Bohm jb-open...@wisemo.com To: openssl-users@openssl.org Sent: Thursday, December 6, 2012 12:23 PM Subject: Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine On 12/6/2012 9:13 AM, LN wrote

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-07 Thread Peter Sylvester
On 12/07/2012 11:05 AM, LN wrote: I have a feeling it does so because I tried to save that returned EVP_PKEY to a PEM file with PEM_write_bio_PrivateKey and then to load it back from the same file with PEM_read_bio_PrivateKey. Saving worked, but loading failed (with some decoding error

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-07 Thread Jeffrey Walton
On Fri, Dec 7, 2012 at 5:05 AM, LN lnicu...@yahoo.com wrote: ... MS CAPI has an option to mark a private key as exportable when you create or install it, which means that the private key can then be read anyway, but I don't know if that feature is used by the OpenSSL CAPI Engine. It is

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-06 Thread LN
. PEM_write_bio_PUBKEY and PEM_read_bio_PUBKEY worked with the returned EVP_PKEY. Thanks! From: Ashok C ash@gmail.com To: openssl-users@openssl.org Sent: Thursday, December 6, 2012 7:03 AM Subject: Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-06 Thread Jakob Bohm
On 12/6/2012 9:13 AM, LN wrote: Hi, Somehow related to private keys but about loading them with CAPI engine... Does someone know if the ENGINE_load_private_key() for CAPI engine returns the PUBLIC KEY? I have a feeling it does so because I tried to save that returned EVP_PKEY to a PEM file

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-05 Thread Kent Yoder
Hi Ashok, On Wed, Dec 5, 2012 at 12:29 AM, Ashok C ash@gmail.com wrote: Hi, Our current SSL server loads plain-text private keys using the SSL_CTX_use_PrivateKey_file() method. We are moving from this strategy to use custom encrypted private keys using the TPM concept. For this, we have

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-05 Thread Dr. Stephen Henson
On Wed, Dec 05, 2012, Ashok C wrote: Hi, Our current SSL server loads plain-text private keys using the SSL_CTX_use_PrivateKey_file() method. We are moving from this strategy to use custom encrypted private keys using the TPM concept. For this, we have an engine implemented. Now the

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-05 Thread Ashok C
Thanks Steve and Kent for the pointers. Makes things clear for now. On Thu, Dec 6, 2012 at 4:22 AM, Dr. Stephen Henson st...@openssl.org wrote: On Wed, Dec 05, 2012, Ashok C wrote: Hi, Our current SSL server loads plain-text private keys using the SSL_CTX_use_PrivateKey_file() method.