From Richard Levitte - VMS Whacker [[EMAIL PROTECTED]]
> For SSL, that's true. However, there might be uses for symmetric
> algorithm acceleration or even key management in other situations.
Alright, I thought OpenSSL was SSL-dedicated.
We already expose some symmetric algorithms too, so it would be nice to get
it.
CDive> - At key pair generation, the engine can be called and
CDive> return a "key name". If flags contains RSA_FLAG_EXT_PKEY,
CDive> bignum will point to a null-terminated string rather than a
CDive> bignum array.
>Incorrect. ENGINE_load_private_key() requires a "key name" in form of
>a NUL-terminated string, as well as an optional passphrase. It
>returns an EVP_PKEY to you, which contains a pointer to the RSA
>structure. This RSA structure may contain bignums for both the public
>and the private key of the key pair, or (as it is for the nCipher
>implementation) bignums for the public key and just a reference
>(context pointer) to the private key. In the latter case, at least
>with the nCipher implementation, the reference to the private key is
>saved in the ex_data structure that's referenced by the RSA structure.
OK, I can use rsa.ex_data, but that does not solve the key generation point.
Or do I miss the point again, and is load key expected to generate a new
pair?
CDive> - load_private_key won't be necessary except if we
CDive> want to use a key not generated by OpenSSL and already in the
CDive> hardware. It would be great too if this file format is the
CDive> same as PEM_write_bio_RSAPrivateKey, so that the key can be used
CDive> later as if generated from OpenSSL (i.e. probably very useful for
CDive> read-only devices like smartcards for SSL clients).
>I really see no need for that. What would you do with that PEM file?
>Transport it to some other computer, where it would instantly become
>unusable?
Well, why? Our hardware is on the network and can be accessed by several
computers at the same time.
Quite handy if you want to have a backup web server computer, for instance.
Idem for a smartcard; it is quite a transportable device!
CDive> - we can provide too a RSA/DSA_delete_private_key.
> It would be pretty nice if there was some procedure to create keys as
> well :-).
Good one, this one!
Thanks for all your answers; quite nice to get some interactive discussion.
Cheers
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]