Re: [OpenCA-Devel] OpenSSL 0.9.8 (dev) and engine support?

Tue, 10 May 2005 02:02:29 -0700 

Hi,

>> Does anybody know how to use engine support in 0.9.8? I did not
>> find anything useful in the docs or in the OpenSSL mailing list
>> archives.

with Michael's help and the OpenSC module I figured out how to
use the nCipher module with OpenSSL 0.9.8. For anyone with the
same problem here is what I had to do.
I first had some problems until I realized that the THREAD_LOCKING
option must be set, otherwise the nCipher engine lib complains that
the dynamic lock callbacks are not set by the hwcrhk support library.

I will update the OpenCA nCipher Token module soon to include support
for dynamic engine. My idea is to retain the original behaviour
if the original configuration is used. Only if the token
configuration includes PRE_ENGINE settings, the dynamic engine
will be used.

cheers

Martin


# /usr/local/openssl-snap/bin/openssl
OpenSSL> engine -vvvv dynamic  -pre ID:chil -pre
SO_PATH:/usr/local/openssl-snap/lib/engines/libncipher.so -pre LIST_ADD:1
-pre LOAD -pre THREAD_LOCKING:1 -tt
(dynamic) Dynamic engine loading support
[Success]: ID:chil
[Success]: SO_PATH:/usr/local/openssl-snap/lib/engines/libncipher.so
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: THREAD_LOCKING:1
Loaded: (chil) nCipher hardware engine support
     [ available ]
     SO_PATH: Specifies the path to the 'hwcrhk' shared library
          (input flags): STRING
     FORK_CHECK: Turns fork() checking on or off (boolean)
          (input flags): NUMERIC
     THREAD_LOCKING: Turns thread-safe locking on or off (boolean)
          (input flags): NUMERIC
     SET_USER_INTERFACE: Set the global user interface (internal)
          (input flags): [Internal]
     SET_CALLBACK_DATA: Set the global user interface extra data (internal)
          (input flags): [Internal]
OpenSSL> genrsa -engine chil 1024
engine "chil" set.
Generating RSA private key, 1024 bit long modulus
........................................++++++
......................++++++
e is 65537 (0x10001)
-----BEGIN RSA PRIVATE KEY-----
...



-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_ids93&alloc_id281&op=click
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to