> The idea behind this is that a simple engine aware application could
> then just call ENGINE_load_config("filename.cnf") and forget about any
> other details.

or you can encode the parameters into string and pass this string around.
file-based configuration is not always the best.

every engine will have two APIs: common and private. private API is for
configuration. for example in case of pkcs#11 engine the private API
allows one to select pkcs#11 library to be loaded, enumerate slots, tokens
and keys. finally there is function which will encode the parameters into
string (like d:\program files\smart card vendor\pkcs11\api.dll,0,0,"the
key"). this string is then passed to application which will use it to
access private key in uniform fashion by passing the string through common
API to engine, which will decode it and act appropriately.

the private API is useful for GUI applications which may want to allow
browsing through your keys and it is optional. if the selector-string
encoding is documented then you can create this string manualy.

arne


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to