From: Corinne Dive-Reclus <[EMAIL PROTECTED]>
CDive> I am not sure I understand how this function works:
CDive> - Do we load a key from a file into a hardware engine
CDive> and what is the file format?
No.
CDive> or
CDive> - Do we load a key from a hardware engine into a file?
Yes, or rather (at least if the engine is trying to be secure in
itself) a reference to the key is preferable. That's what's being
done in the nCipher code.
CDive> How has this file been created? Through OpenSSL or is it engine
CDive> dependent?
That's engine dependent. If the engine software doesn't come with
components to create hardware or hardware-protected keys and then
pretends to do key management of some kind, I'd say that part of it is
worthless anyway.
CDive> If the flag RSA_FLAG_EXT_PKEY has been set, does the file
CDive> contain only an identifier rather than the key big num values ?
That's what that flag is supposed to mean, yes. This is only relevant
for engines that provide key management but no PKC acceleration, or
when someone decides to use the key management features but not the
PKC features of the engine.
HTH.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]